INTERURBANA DE AUTOBUSES, S.A.

Описание

The Spanish DPA has fined INTERURBANA DE AUTOBUSES, S.A. EUR 70,000 after an employee filed a complaint over the publication of personal data on the company's bulletin boards. According to the data controller, an error in the HR department led to printing a full list of the employees—including sensitive details like addresses—instead of the electoral roll, which is meant to include only the information necessary for union elections. The DPA considered this to be a violation of the principle of data minimization, since, on the one hand, more personal data than necessary for the election was published and, by posting it on the bulletin boards, there was a risk that third parties could see the data from the outside through a window.