Ica s.r.l.

€30,000

Insufficient technical and organisational measures to ensure information security

Decision Date

December 2, 2021

Authority

Italian Data Protection Authority (Garante)

IT

Sector

Industry and Commerce

Country

IT

Law

GDPR

Status

FINAL

Description

The Italian DPA (Garante) has fined ICA s.r.l. EUR 30,000. The municipality of Collegno had implemented a system developed by ICA through which citizens could pay fines for traffic violations. However, due to a lack of security precautions, it was theoretically possible for unauthorized persons to access personal data stored via the program. For this reason, the DPA found that ICA had failed to implement appropriate technical and organizational measures providing a level of security commensurate with the risk posed to the data subject.

Legal Citations

Art. 5 (1)Art. 32

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
Spanish Data Protection Authority (aepd) - IMAGINA...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.