Swedish municipality leaked data 25 years after employee left
Växjö municipality leaked personal data of 5,000 people, including employees dead for 15 years. The breach exposed systemic failures in Swedish data protection compliance. Former nurse Irene Nilsson's information remained accessible 25 years after she left her job.
Växjö municipality leaked personal information of former employees decades after their service ended. The breach affected approximately 5,000 people whose outdated records remained in the system.
Irene Nilsson worked as a nurse for Region Kronoberg, not Växjö municipality. Yet her personal details appeared in the leak 25 years after she stopped working there. The 70-year-old expressed shock that her information remained accessible for so long.
Every Swedish municipality must delete outdated personal information under data protection laws. Investigations reveal Växjö kept records of employees who had been dead for up to 15 years. This represents a clear violation of Sweden's privacy regulations.
Security chief Marcus Holmqvist stated the municipality has plans for data storage protocols. He acknowledged the need for better systems to prevent future breaches.
How did a municipality fail to follow basic data retention rules for decades? The incident reveals systemic problems in Swedish local government data management. Municipalities clearly need stronger oversight of their information handling practices.
The breach affects thousands of former employees across Kronoberg County. Many may not yet know their personal information remains vulnerable in outdated systems.