Penalty against Optical Center
Optical-Center is a company that manufactures optical glasses for customers. Customers can order appropriate visual aids on the company’s homepage.
In 2017, the French data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés) was informed that the company’s website was not sufficiently secured. By simply changing the website address (URL), unauthorized persons were able to access customers’ personal data. It was possible to query not only names, addresses and telephone numbers, but also medical data that customers had provided when ordering glasses (e.g. diopters, so that the glasses would be manufactured with the appropriate prescription).
For more information, see our news article.
Decision date:
07.06.2018
Country:
France
Type of violation:
technical deficiency
Affected records:
300 000
Was sensitive data affected?:
Yes
Fine imposed:
€ 250,000
Violation of GDPR Paragraph:
32. Security of processing
9. Processing of special categories of personal data
Source:
Press release of the French data protection authority CNIL (French)