Covid-19 test center

€2,700

Insufficient technical and organisational measures to ensure information security

Decision Date

January 1, 2022

Authority

Data Protection Authority of Hamburg

DE

Sector

Health Care

Country

DE

Law

GDPR

Status

FINAL

Description

The DPA of Hamburg has imposed a fine of EUR 2,700 on a Covid-19 test center. The test center had send the data subjects an unencrypted e-mail containing a URL that allowed them to access the test result without taking any further security measures. In some cases, the download link was structured in a way that led to the download of a PDF file with the file name corresponding to the last name of the person tested. With knowledge of the directory path, it was therefore possible to view third-party test results.

Legal Citations

Art. 32 (1)

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
Data Protection Authority of Hamburg - Covid-19 te...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.