Covid-19 test center

€2,700

Insufficient technical and organisational measures to ensure information security

Dato for beslutning

1. januar 2022

Myndighed

Data Protection Authority of Hamburg

DE

Sektor

Health Care

Land

DE

Lovgivning

GDPR

Status

FINAL

Beskrivelse

The DPA of Hamburg has imposed a fine of EUR 2,700 on a Covid-19 test center. The test center had send the data subjects an unencrypted e-mail containing a URL that allowed them to access the test result without taking any further security measures. In some cases, the download link was structured in a way that led to the download of a PDF file with the file name corresponding to the last name of the person tested. With knowledge of the directory path, it was therefore possible to view third-party test results.

Juridiske citater

Art. 32 (1)

Problemer og overtrædelser

Insufficient technical and organisational measures to ensure information security
Se officielt dokument
Tilbage til bøde-databasen
Forrige bøde
Data Protection Authority of Hamburg - Covid-19 te...
Næste bøde
Data Protection Authority of Hamburg (HmbBfDI) - C...

Hold dig opdateret om håndhævelse af privatlivets fred

Vi respekterer dit privatliv. En e-mail om måneden, ingen spam, afmeld når som helst.