Hacker attack on Lazio Region IT systems: sanctions by the Privacy Guarantor With three penalties of EUR 271,000, EUR 120,000, and EUR 10,000, imposed respectively on LAZIOcrea (the company that manages the regional information systems), the Lazio Region, and ASL Roma 3, the Privacy Guarantor has defined the proceedings opened after the hacking attack on the regional health system that took place in the night between 31 July and 1 August 2021. The data breach – caused by ransomware introduced…
Read moreITALIAN SUPERVISORY AUTHORITY: Work: the Garante’s no to the use of facial recognition to check attendance – Transport: Garante, more protection for subscribers’ data – Websites and apps for contact between doctor and patient: the Garante’s indications – Wiretapping, Garante: green light for interdistrict digital archives
Work: Privacy Guarantor’s rejection of the use of facial recognition for attendance checksFive companies fined for illegally processing biometric data Facial recognition to check attendance in the workplace violates employees’ privacy. There is currently no regulation allowing the use of biometric data, as required by the Regulation, to carry out such an activity. For this reason, the Privacy Guarantor sanctioned five companies – engaged in various capacities at the same waste disposal site – with fines of 70 thousand, 20…
Read moreITALIAN SUPERVISORY AUTHORITY: Employment agencies: the Authority has approved the Code of Conduct – Online dating: sanctioned a dating site for 200,000 euro – Medical prescriptions outside the surgery: a doctor sanctioned – Health: an aesthetic medicine centre sanctioned for breach of privacy
Employment Agencies: Authority launches Code of ConductCandidate data may only be collected on professional social channels The Authority has approved the Code of Conduct promoted by Assolavoro, the National Association of Employment Agencies. The Code defines ‘good practices’ for the correct processing of data carried out in the context of personnel intermediation, research and selection activities. With the same measure, the Authority accredited the Monitoring Body, an independent body made up of three members, which is called upon to verify…
Read morePOLISH SUPERVISORY AUTHORITY: A fine of PLN 100,000 for disclosure of health data
The President of the Personal Data Protection Office imposed a fine of PLN 100,000 (about 23,000 €) on the Minister of Health for disclosing data on one person’s health status. The Minister of Health, being the controller of the data processed in the electronic system, extracted data from it and next published them on one of the social media sites. The entry contained information about a doctor who had given himself a prescription for a psychotropic drug. Thus, the Minister of Health unlawfully disclosed…
Read more