Denmark’s SIRI Reports Former Employee to Police for Having Accessed Personal Data

The Danish Agency for International Recruitment and Integration (SIRI) has reported a former employee to the police for having accessed personal data in the case processing system without authorisation.

According to SIRI, the former employee has accessed data belonging to around 3,300 people between January 2021 and November 2022, putting the system at risk, SchengenVisaInfo.com reports.

Taking into account the sensitivity of the data that has been accessed, SIRI has made sure to inform all those who have potentially been affected and has reported the incident to the Danish Data Protection Agency.

Moreover, the authorities have pledged to do everything in their power to ensure that a similar case does not happen again.

Commenting on the matter, the General Director of SIRI, Trine Rask Thygesen, said that this is a regrettable case and stressed that the authorities have already terminated the employment of the persons who accessed personal data without authorisation.

“This is a very regrettable case, which I take very seriously. We are dealing with an employee who has grossly abused their access to personal data, and consequently, we have terminated their employment and reported the case to the police,” the statement of Thygesen reads.

Moreover, Thygesen emphaised that the authorities will review the current procedures that the country has as well as guidelines in order to investigate whether they can introduce stricter rules to prevent access to personal data by unauthorised people.

SIRI explains that the authorities found out about this particular case on October 2022, after the authority was contacted by a citizen who suspected that an employee had had unauthorised access to their personal data.

Based on the data available that SIRI had back then, it could not identify the employee. However, only after a month, SIRI found out who the employee was. The same banned the individual from all premises.

“By accessing the systems, the employee would have been able to access information such as CPR number, income, family relations and decisions made in cases regarding residence permits and related cases,” SIRI explained.

The same noted that the employee’s telephone, access card, and computer were confiscated, and their access to the IT system of SIRI was suspended.

Data show that as soon as SIRI accepted proof that the former employee was involved in such activities, they reported the employee to the police and then informed around 273 affected individuals of the unauthorised access to their personal data.

Following this incident, SIRI has initiated an evaluation, and among others, it plans to review how access is given to employees and to what extent.