ACTIVE ASSURANCES (car insurer)

€180,000

Insufficient technical and organisational measures to ensure information security

Datum der Entscheidung

25. Juli 2019

Behörde

French Data Protection Authority (CNIL)

FR

Sektor

Finance, Insurance and Consulting

Land

FR

Recht

GDPR

Status

FINAL

Beschreibung

Large amount of customer accounts, clients' documents (including copies of driver's licences, vehicle registration, bank statements and documents to determine whether a person had been the subject of a licence withdrawal) and data were easily accesible online. The CNIL, between others, critizised the password management (unauthorized access was possible without any authentication).

Juristische Zitate

Art. 32

Probleme und Verstöße

Insufficient technical and organisational measures to ensure information security
Offizielles Dokument anzeigen
Zurück zur Bußgelddatenbank
Vorherige Geldstrafe
Hungarian National Authority for Data Protection a...
Nächste Geldstrafe
Data Protection Authority of Hamburg (HmbBfDI) - C...

Bleiben Sie auf dem Laufenden über die Durchsetzung des Datenschutzes

Wir respektieren Ihre Privatsphäre. Eine E-Mail pro Monat, kein Spam, jederzeit abbestellbar.