unlawful submissions to general practitioners
After a report on the abortion of a patient was mistakenly sent to a general practitioner, although she expressly disagreed with it, the Italian data protection authority started investigating the healthcare company. As the investigations revealed, the data breach was caused by a software failure that was used to manage patient data. A total of 48 people in the period between April 2018 and August 2019 were affected by this error and the problems it created. In this case, the authority decided that there was a violation of the principle of integrity and confidentiality on the part of the controller.
Entscheidungsdatum:
20.07.2021
Land:
Italy
Art des Verstoßes:
technical deficiency
Betroffene Datensätze:
48
Waren sensible Daten betroffen?:
Yes
verhängte Geldstrafe:
€ 120,000,-
Violation of GDPR Paragraph:
5. Principles relating to personal data processing
9. Processing of special categories of personal data
Quelle:
GPDP fines