Penalty against Optical Center
Optical Center is a company that produces optical glasses for customers. On the homepage of the company customers can order appropriate visual aids. In 2017, the French Data Protection Authority (CNIL) was informed that the company’s website was not sufficiently secured. By simply changing the website address (URL), unauthorized persons could access customer personal data. It was not only possible to retrieve names, addresses and telephone numbers, but also medical data provided by customers when ordering glasses (for example, diopters to make the glasses in the correct prescription).
Type of Issue:
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph:
32. Security of processing
9. Processing of special categories of personal data