Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
By reusing papers already printed on the back with other clients’ personal data, a lawyer sends a letter of invitation.

By reusing papers already printed on the back with other clients’ personal data, a lawyer sends a letter of invitation.

Even if saving paper in the office can be ecologic and useful in order to spend less on office suppliers, if it is not paid attention sometimes saving money on paper can be very expensive.
It was learned at his expense by a lawyer who reused the papers from the unprinted side. This appeared in a letter sent to different customers.

By sending letters of invitation to the condos of a real estate property, in two cases a legal professional did not realize to use papers printed where in the already printed side appeared personal information of the previous clients, one of which was minor.

The distraction could not be observed from the condos when they received the letters from the lawyer, who, upon realizing the dissemination of personal data to unauthorized third parties, decided to make a complaint to the data protection authority.

It was the Spanish Data Protection Agency (AEPD) to begin an investigation into what happened, and after having controlled the documents produced in the complaint by the condominos, asked the lawyer for clarification, without receiving some answers or justification that could contradict the reported facts.

The AEPD noted that the lawyer had committed a breach of Article 32 of the GDPR, that obliges controllers to take “appropriate technical and organisational measures to ensure a level of security appropriate to risk”, including “the ability to ensure their permanent basis the confidentiality, integrity, availability and resilience of treatment systems and services”, as well as a procedure to periodically test, verify and evaluate the effectiveness of technical and organizational measures to ensure the security of the treatment.

For these reasons, recognizing that it was only unintentional negligence, the AEPD found that the information appeared in the back of the documents “were personal data allowing the identification of interested persons” and therefore, in proceedings N.PS/00390/2019 of 9 June 2020 imposed a penalty of 2,000 euros on the lawyer.

The intention to save some money has faded (since with the fine money we could have bought at least a thousand backwaters of A4 sheets of paper), the lawyer will at least remain the scant consolation of his good ecological purpose to respect the environment and weigh less natural resources.

SOURCE: FEDERPRIVACY

Recommended to you

Advanced Research