Poste Vita S.p.a.
€80,000
Insufficient technical and organisational measures to ensure information security
決定日期
2025年7月10日
權限
Italian Data Protection Authority (Garante)
IT
部門
Finance, Insurance and Consulting
國家
IT
法律
GDPR狀態
FINAL說明
The Italian DPA has imposed a fine on Poste Vita S.p.a. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a third party successfully tricking an employee into forwarding sensitive personal data, which was then used against the data subject.
法律引文
Art. 5 (1)Art. 33 (1)
問題與違規
Insufficient technical and organisational measures to ensure information security