Lazio Region

Description

The Italian DPA has imposed a fine of EUR 100,000 on Lazio Region. An individual had filed a complaint with the DPA because she had received an invitation from the regional health authority to participate in the cervical cancer screening program that was addressed to her daughter, who died in 1995. During its investigation, the DPA discovered that the daughter's data was still in the region's database even though she had already died. For this reason, the DPA found that the Region had violated the principles of accuracy and correctness. As the owner of the data, the Region should have ensured that the personal information was accurate and updated as necessary, and taken all reasonable steps to delete or correct the information it used in a timely manner. In addition to the above, the Garante also found that the Region had not properly provided data subjects with the required information about the processing of their personal data when sending out the invitation letters for a cervical cancer screening campaign. In imposing the fine, the DPA took into account, as an aggravating factor, that the Region had already received a fine.