The investigation was initiated following a complaint from an insurance company (Poste Vita) customer who complained about the unlawful disclosure of personal data to an unauthorised third party who had then used it in legal proceedings. The data related to three life insurance policies held by the complainant.
During the investigation, the Italian Supervisory Authority (SA) verified that the data breach had occurred due to a series of errors committed by the company's operators. They had responded to requests for information regarding the data subject's policies without first verifying that the email address from which the requests were sent matched the contact details provided by the customer. The requests came from two email addresses which, although they had the name and surname of the data subject, who had never provided any email address to the company, were in fact linked to third parties.
Noting that in the meantime the insurance company had implemented corporate procedures aimed at rigorously verifying the identity of the person concerned, the Italian SA imposed a fine of 80,000 EUR, without taking further measures.
For further information: Data breach, il Garante sanziona Poste Vita per 80mila euro
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。