Istituto Nazionale Assicurazione Infortuni sul Lavoro

Опис

The Italian DPA has fined Istituto Nazionale Assicurazione Infortuni sul Lavoro (Public Accident Insurance for workers) EUR 50,000. As part of its investigation, the DPA found that on three occasions the accident and occupational illnesses of other employees were publicly viewable on an online system of the insurance carrier. The incident occurred due to an outdated version of the system. The DPA concluded that the insurance carrier had not sufficiently fulfilled its duty to take appropriate technical and organizational measures to prevent personal data breaches. The insurance carrier should have ensured that updated and secure online systems were used.