Covid-19 test center
€2,700
Insufficient technical and organisational measures to ensure information security
Ημερομηνία απόφασης
1 Ιανουαρίου 2022
Αρχή
Data Protection Authority of Hamburg
DE
Τομέας
Health Care
Χώρα
DE
Νόμος
GDPRΚατάσταση
FINALΠεριγραφή
The DPA of Hamburg has imposed a fine of EUR 2,700 on a Covid-19 test center. The test center had send the data subjects an unencrypted e-mail containing a URL that allowed them to access the test result without taking any further security measures. In some cases, the download link was structured in a way that led to the download of a PDF file with the file name corresponding to the last name of the person tested. With knowledge of the directory path, it was therefore possible to view third-party test results.
Νομικές παραπομπές
Art. 32 (1)
Θέματα & Παραβάσεις
Insufficient technical and organisational measures to ensure information security