National Center of Addiction Medicine ('SAA')
€20,600
Insufficient technical and organisational measures to ensure information security
Дата принятия решения
10 марта 2020 г.
Авторитет
Icelandic data protection authority ('Persónuvernd')
IS
Сектор
Health Care
Страна
IS
Закон
GDPRСтатус
FINALОписание
Persónuvernd noted that a former employee of the SAA received boxes of allegedly personal belongings that he had left there, but which also contained patient data, including the health records of 252 former patients and documents with the names of about 3,000 people who had participated in rehabilitation for alcohol and drug abuse.
Юридические цитаты
Art. 5 (1)Art. 32
Проблемы и нарушения
Insufficient technical and organisational measures to ensure information security