Covid-19 test center

€2,700

Insufficient technical and organisational measures to ensure information security

Otsuse kuupäev

1. jaanuar 2022

Ametiasutus

Data Protection Authority of Hamburg

DE

Sektor

Health Care

Riik

DE

Seadus

GDPR

Staatus

FINAL

Kirjeldus

The DPA of Hamburg has imposed a fine of EUR 2,700 on a Covid-19 test center. The test center had send the data subjects an unencrypted e-mail containing a URL that allowed them to access the test result without taking any further security measures. In some cases, the download link was structured in a way that led to the download of a PDF file with the file name corresponding to the last name of the person tested. With knowledge of the directory path, it was therefore possible to view third-party test results.

Õiguslikud viited

Art. 32 (1)

Probleemid ja rikkumised

Insufficient technical and organisational measures to ensure information security
Vaata ametlikku dokumenti
Tagasi trahvide andmebaasi juurde
Eelmine trahv
Data Protection Authority of Hamburg - Covid-19 te...
Järgmine trahv
Data Protection Authority of Hamburg (HmbBfDI) - C...

Privaatsuse jõustamise kohta ajakohastatud teave

Me austame teie privaatsust. Üks e-kiri kuus, ei ole rämpsposti, loobuda tellimusest igal ajal.