UWV (Dutch employee insurance service provider)

€900,000

Insufficient technical and organisational measures to ensure information security

Beslissingsdatum

31 oktober 2019

Autoriteit

Dutch Supervisory Authority for Data Protection (AP)

NL

Sector

Finance, Insurance and Consulting

Land

NL

Wet

GDPR

Status

FINAL

Beschrijving

As the UWV (the Dutch employee insurance service provider - 'Uitvoeringsinstituut Werknemersverzekeringen') did not use multi-factor authentication when accessing the online employer portal, security was inadequate. Employers and health and safety services were able to collect and display health data from employees in an absence system.

Juridische citaten

Art. 32

Problemen en overtredingen

Insufficient technical and organisational measures to ensure information security
Officieel document bekijken
Terug naar de database met boetes
Vorige boete
Spanish Data Protection Authority (aepd) - Jocker ...
Volgende boete
Data Protection Authority of Hamburg (HmbBfDI) - C...

Blijf op de hoogte van privacybescherming

We respecteren je privacy. Eén e-mail per maand, geen spam, afmelden kan altijd.