Reporting of Security Flaws What shouldn’t you do? You should not take advantage of any error/security flaw you may have observed for the purpose of acces - sing data. It is naturally possible for you to be granted access to data that does not concern you through no fault of your own. What is vital is that you do not explore the security flaw and take advantage of it to access any additional data. Once we receive your notification, we will immediately, depending on the scope and severity of the security flaw, initiate the rectification work. We appeal to you that you do not contribute yourself to exacerbating the consequences of the identified security flaw – for example, by going to the media with your knowledge of the security flaw, while we are processing your notification. This also applies to social media. Others may take advantage of the security flaw. Therefore, it is of decisive importance that we get an op - portunity to solve the problem before it becomes public knowledge. This makes it possible for us to limit the damage – also for anyone who has possibly been affected. If you choose to contribute to spreading information that has inadvertently become accessible as a result of the identified security breach, we may be forced to consider you complicit in hacking and possibly proceed by reporting you to the police. Where should I report? Please send the notification through the KMD Whistleblower Arrangement here We kindly ask you to inform us of the problem as quickly as possible and without undue delay. It is vital that we get an opportunity to solve the problem as quickly as possible. Is there a reward? KMD does not have a reward system for persons reporting a security flaw but may subject to exceptional circumstances choose to give a reward. What do we not need to know about? Ordinary program errors that do not lead to inadvertent access to personal data, as described above. Ordinary technical inquiries, e.g., concerning program errors, should be directed to our general support by completing the contact form on our webpage or by calling +45 4460 0000. What happens after you send us your notification? We will take your notification seriously and process it as soon as we receive it. When using the KMD Whistleblower Arrangement, you will always, within 48 hours of sending your notifica - tion, receive a confirmation that we have received it. Also, you will get feedback within two weeks, which will describe what we have done with your notification. The feedback will also indicate if you should expect to hear something more from us, or if the case is closed. There may be a duty to report the security flaw/data breach to the Danish Data Protection Authority or other public authorities. As a rule, this duty rests on the data controller and data processor, not on you as a citizen/ informer. Once you have notified us of the data breach, we will proceed with the notification, if any, to the Danish Data Protection Authority.
Download PDF fil