Covid-19 test center

€2,700

Insufficient technical and organisational measures to ensure information security

Datum der Entscheidung

1. Januar 2022

Behörde

Data Protection Authority of Hamburg

DE

Sektor

Health Care

Land

DE

Recht

GDPR

Status

FINAL

Beschreibung

The DPA of Hamburg has imposed a fine of EUR 2,700 on a Covid-19 test center. The test center had send the data subjects an unencrypted e-mail containing a URL that allowed them to access the test result without taking any further security measures. In some cases, the download link was structured in a way that led to the download of a PDF file with the file name corresponding to the last name of the person tested. With knowledge of the directory path, it was therefore possible to view third-party test results.

Juristische Zitate

Art. 32 (1)

Probleme und Verstöße

Insufficient technical and organisational measures to ensure information security
Offizielles Dokument anzeigen
Zurück zur Bußgelddatenbank
Vorherige Geldstrafe
Data Protection Authority of Hamburg - Covid-19 te...
Nächste Geldstrafe
Data Protection Authority of Hamburg (HmbBfDI) - C...

Bleiben Sie auf dem Laufenden über die Durchsetzung des Datenschutzes

Wir respektieren Ihre Privatsphäre. Eine E-Mail pro Monat, kein Spam, jederzeit abbestellbar.