Covid-19 test center
€2,700
Insufficient technical and organisational measures to ensure information security
Päätöspäivä
1. tammikuuta 2022
Viranomainen
Data Protection Authority of Hamburg
DE
Ala
Health Care
Maa
DE
Laki
GDPRTila
FINALKuvaus
The DPA of Hamburg has imposed a fine of EUR 2,700 on a Covid-19 test center. The test center had send the data subjects an unencrypted e-mail containing a URL that allowed them to access the test result without taking any further security measures. In some cases, the download link was structured in a way that led to the download of a PDF file with the file name corresponding to the last name of the person tested. With knowledge of the directory path, it was therefore possible to view third-party test results.
Oikeudelliset viittaukset
Art. 32 (1)
Asiat ja rikkomukset
Insufficient technical and organisational measures to ensure information security