Penalty against Optical Center
Optical Center is a company that produces optical glasses for customers. Customers can order appropriate visual aids on the company’s website. In 2017, the French Data Protection Authority (CNIL) was informed that the company’s website was not sufficiently secured: simply by changing the website address (URL), unauthorized persons could access customers’ personal data. It was possible to retrieve not only names, addresses and telephone numbers, but also medical data provided by customers when ordering glasses (for example, the diopter values needed to make the glasses to the correct prescription).
Decision date:
07.06.2018
Country:
France
Type of Issue:
technical deficiency
Number of involved data records:
300 000
Special category of data involved:
Yes
Fine:
€ 250,000,-
Violation of GDPR Paragraph:
32. Security of processing
9. Processing of special categories of personal data
Reference: