Växjö municipality leaked personal information of former nurse Iréne Nilsson 25 years after she stopped working for them. The 70-year-old never worked directly for Växjö municipality but for Region Kronoberg, the county council that shares the same city. Yet her data appeared online after a major security breach.
Investigations reveal the municipality failed to dispose of outdated information for approximately 5,000 individuals. Swedish law requires municipalities to delete personal data that is no longer relevant. Some of the stored records belonged to employees who have been dead for up to 15 years.
Marcus Holmqvist, Växjö's security chief, stated the municipality has plans for data retention. He did not explain why these plans failed to prevent the breach.
This incident raises serious questions about data protection practices in Swedish local government. Storing deceased individuals' information for over a decade shows clear disregard for privacy laws. The breach affects thousands of former public sector workers across Kronoberg county in southern Sweden.