National Center of Addiction Medicine ('SAA')

€20,600

Insufficient technical and organisational measures to ensure information security

Дата на решението

10 март 2020 г.

Орган

Icelandic data protection authority ('Persónuvernd')

Сектор

Health Care

Държава

Право

GDPR

Статус

FINAL

Описание

Persónuvernd noted that a former employee of the SAA received boxes of allegedly personal belongings that he had left there, but which also contained patient data, including the health records of 252 former patients and documents with the names of about 3,000 people who had participated in rehabilitation for alcohol and drug abuse.