The Authority investigated a complaint against a company for breach of confidentiality of the complainant’s data by disclosing the complainant’s test results to her father by telephone. In particular, the complainant indicated that she herself did not provide her father’s mobile phone number to the complainant company. The examination of the case did not reveal the alleged violation. With regard to the procedure for collecting the contact details of the customers of the diagnostic centre upon their verbal declaration on…
Read moreITALIAN SUPERVISORY AUTHORITY: Data breach: sanctioned UniCredit for 2.8 million euro – Apps for diabetics: fined a medical device company – Speed cameras, Garante: favourable opinion to MIT – EU privacy authorities will have greater autonomy against non-EU companies
Data breach: the Garante fines UniCredit €2.8 million*.Fine of €800,000 also imposed on the company in charge of carrying out the security tests The measure was challenged before the Court of Milan, which ordered the suspension of the effectiveness of the accessory sanction of the publication of the measure on the Guarantor’s website by order no. 1927 of 28 March 2024 (RG no. 10477/202) Banks must take all necessary technical, organisational and security measures to prevent their customers’ data from…
Read moreICELANDIC SUPERVISORY AUTHORITY: Fine due to security weaknesses in Heilsuvera
Case no. 2020061844 The Authority has imposed an administrative fine, in the amount of ISK 12,000,000, on the Office of the National Medical Examiner due to a security weakness in the Heilsuveru information website. The office had reported a security breach when two people managed to see data that did not belong to them. On the one hand, it was due to a weakness in Heilsuveru’s message section, which meant that by changing the connection string, a logged-in user could…
Read moreITALIAN SUPERVISORY AUTHORITY: Sanctioned a Veneto local healthcare company for data breach. Health ticket exemption certificates sent to the wrong patients
Healthcare companies must take all the necessary technical and organisational measures to prevent patient data from being communicated by mistake to other recipients. This was reiterated by the Garante per la privacy when sanctioning a Veneto health authority for a personal data breach (data breach), which involved 39,852 patients, under the age of 6 and over the age of 65, with an income of less than EUR 36,151.98. The patients had received in their mailboxes a certificate containing personal data…
Read more