Details:
| Summary | The Italian DPA has fined Istituto Nazionale Assicurazione Infortuni sul Lavoro (Public Accident Insurance for workers) EUR 50,000. As part of its investigation, the DPA found that on three occasions the accident and occupational illnesses of other employees were publicly viewable on an online system of the insurance carrier. The incident occurred due to an outdated version of the system. The DPA concluded that the insurance carrier had not sufficiently fulfilled its duty to take appropriate technical and organizational measures to prevent personal data breaches. The insurance carrier should have ensured that updated and secure online systems were used. |
| Link: | link |
| Related articles: | Art. 5 (1) a), f) GDPR, Art. 6 (1) e) GDPR, Art. 9 (2) g) GDPR, Art. 32 GDPR, Art. 2-ter Codice della privacy, Art. 2-sexies Codice della privacy |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 50,000 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/