ITALIAN SUPERVISORY AUTHORITY: no to publishing on the Region's website personal data that can reveal economic hardship

The Italian DPA imposes a fine of 200.000 euro on the Region Lombardia

Personal data of those who apply for economic benefits must be given particular protection, so as not to reveal the economic and social hardship of the data subjects.

This was affirmed by the Privacy Authority which, following a report, sanctioned the Region Lombardia for having published on its website the personal data of more than a hundred students who had applied for scholarships or economic subsidies for the purchase of textbooks, technological equipment and educational tools. Given that access to the contribution was conditional on having an ISEE not over 15.000 euro, and that the amount of the benefits was minimal (under 10.000 euro), the online publication had the immediate effect of revealing the economic hardship of the data subjects.

More specifically, as emerged from the Office's preliminary verification, from the homepage of the Region's website it was possible to consult and download the list of applications accepted and financed, the list of applications accepted that need to be financed, the list of beneficiaries of the state scholarship and the list of applications not accepted. Those lists contained personal data such as the ID of the application, the name of the applicant, the student's class, the code and the name of the school, and the number of the application.

The Authority affirmed that public bodies, in complying with their transparency obligations, can publish personal data only if this operation is provided for by a law or a regulation, in the cases required by the law and always in compliance with personal data protection legislation, for example the minimization principle. These requirements are set out in the Guidelines issued by the Authority in 2014. In any event, state legislation on transparency also excludes the publication of the data of the recipients of the measures if it is possible to obtain from such data information on the data subjects' situation of hardship.

Having established the offence, the Authority fined the Region 200.000 euros, taking into account the high number of people whose data were disseminated and the period of almost 11 months over which the infringement occurred, which was however considered to be of a culpable nature. Following the intervention of the Authority, the Region promptly removed the personal data subject to the breach from its institutional site.

SOURCE: AUTORITA’ GARANTE ITALIANA PER LA PROTEZIONE DEI DATI PERSONALI – GPDP
