(022) 820 801 centru@datepersonale.md
DP header logo
img mobile menu img close mobile menu
ENROРу
ico search toggle
datepersonale.md
/
Uncategorized
/
Administrative fine in the amount of EUR 250,000 applied by Polish Data Protection Authority to ID Finance Poland for loss of confidentiality of the personal data principle

Administrative fine in the amount of EUR 250,000 applied by Polish Data Protection Authority to ID Finance Poland for loss of confidentiality of the personal data principle

img 98 Views

The National Center for Personal Data Protection (NCPDP), for information and application purposes, communicates about the administrative fine in the amount EUR 250,000 applied by Polish Data Protection Authority to ID Finance Poland for loss of confidentiality of the personal data principle.

In the proceedings, the President of the Personal Data Protection Office (UODO)  established that the breach took place following the failure to restore the appropriate security configuration after one of the servers operated by the processor  was restarted. The controller was notified about this by one of its cybersecurity specialists, who detected the vulnerability and indicated sample, publicly available information. ID Finance Poland did not immediately check the system’s identified vulnerabilities and, as a result, a few days later, the data was stolen from this server.

When imposing the fine, the UODO took into account the scale of the breach and the scope of the stolen data. In addition, because unencrypted passwords have also leaked, it is possible to use these data to log in to different customer accounts, if they used the same login (e.g. e-mail) and password on other websites. In establishing the amount of the fine, Polish Data Protection Authority also took into account the controller’s delay in taking preventive measures. The amount of the fine should fulfil both a repressive and a preventive function. In the opinion of the authority, it should prevent similar breaches in the future both in the penalized company and at other controllers’.

The NCPDP, as national supervisory authority for personal data processing, emphasizes the responsibility of personal data controllers to comply with the provisions of legal framework on personal data protection and to ensure that personal data processing operations are in accordance with the legislation in force.

img
The NCPDP trained the representatives of the local public authorities from Căușeni district in the field personal data protection

The National Center for Personal Data Protection (NCPDP) trained, on October 7, the representatives of the local public authorities (LPA) from Căușeni district. The training course aimed to strengthen the capacities of LPA representatives and to familiarize, raising awareness and inform them with the field of personal data protection. The topics addressed in the training […]

img 9 Views
img
CNPDCP a instruit reprezentanții autorităților publice locale din raionul Căușeni în domeniul protecției datelor

Centrul Național pentru Protecția Datelor cu Caracter Personal (CNPDCP) a instruit, în data de 07 octombrie, curent, reprezentanții autorităților publice locale (APL) din raionul Căușeni. Cursul de instruire a avut drept scop de a consolida capacitățile reprezentaților APL-urilor și familiarizarea, sensibilizarea și informarea acestora cu domeniul protecției datelor cu caracter personal. Subiectele abordate în cadrul […]

img 33 Views
img Video gallery
img Information