Azienda Ospedaliero Universitaria di Parma: Non-compliance with general data processing principles
€10,000 fine - Italian Data Protection Authority (Garante)
Content
The Italian DPA (Garante) fined Azienda Ospedaliero Universitaria di Parma EUR 50,000. The controller, a hospital, had reported two data breaches to the Italian DPA in which patient data was mistakenly disclosed to third parties. In the first incident, parents found the report of a microbiological examination of another patient in the file of their minor child. The report revealed the data subject's name, tax number, address, birth date and various health data. In the second incident, the heir of a patient received the health report of another patient, which contained the name and birth date as well as data on the health status of the data subject.
GDPR Articles: Art. 5 (1) f) GDPR, Art. 9 GDPR
Industry: Health Care