The Data Protection Commissioner has imposed a €5,000 fine on the Lands Authority after an investigation of a major data breach in November.
In a statement, the commissioner said the matter was brought to his attention by the Times of Malta on November 23.
"The findings of the investigation established that the online application platform available on the authority’s portal lacked the necessary technical and organisational measures to ensure the security of processing," the commissioner said.
The Lands Authority was found to have infringed the General Data Protection Regulation and was served with an administrative fine of €5,000.
The level of the fine was reached after the Commissioner took into account the circumstances set out in the General Data Protection Regulation.
The EU's GDPR empowers supervisory authorities to fine companies up to €10 million or 2 per cent of their turnover for data protection breaches. Those fines can even double - to €20m or 4 per cent of turnover - in the cases of more serious breaches.
A temporary ban imposed on the Lands Authority’s portal has been lifted.
The commission said the authority offered its full collaboration in the investigation.
Times of Malta had reported that a massive security flaw in the Lands Authority’s website inadvertently dumped a huge amount of personal data online.
Identity card details, e-mail correspondence, affidavits and other compromising data were made easily searchable on the internet thanks to the security flaw in the website.
Times of Malta was able to access over 10 gigabytes of personal data from the Lands Authority through a simple Google search.
Much of the data contained highly sensitive correspondence between individuals and the authority.
Website back online
The Lands Authority said on Monday that it had chosen to respect the Commissioner's decision, notwithstanding the possibility to appeal, adding that his conclusion was based on the outcome of its internal investigation.
The Lands Authority’s website is once again available online, but the applications platform is still unavailable as the entire module has been recommissioned to ensure it is free from technical vulnerabilities.
In the meantime, however, the public can download application forms through its website and lodge applications via e-mail in order to facilitate the application process.