Penalty against Optical Center
Optical-Center is a company that manufactures optical glasses for customers. Customers can order appropriate visual aids on the company’s homepage.
In 2017, the French data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés) was informed that the company’s website was not sufficiently secured. By simply changing the website address (URL), unauthorized persons were able to access customers’ personal data. It was possible to query not only names, addresses and telephone numbers, but also medical data that customers had provided when ordering glasses (e.g. diopters, so that the glasses would be manufactured with the appropriate prescription).
Type of violation:
Was sensitive data affected?:
Violated GDPR articles:
32. Security of processing
9. Processing of special categories of personal data