The Italian SA fined Poste Vita for data breach
Content
Background informationDate of final decision: 10 July 2025National caseController: Poste Vita s.p.a.Legal Reference(s): Article 5 (Principles relating to processing of personal data), Article 33 (Notification of a personal data breach to the supervisory authority)Decision: Administrative fineKey words: Administrative fine, Clients, Data security, Insurance, Personal data breachSummary of the DecisionOrigin of the case The investigation was initiated following a complaint from an insurance company (Poste Vita) customer who complained about the unlawful disclosure of personal data to an unauthorised third party who had then used it in legal proceedings. The data related to three life insurance policies held by the complainant.Key Findings During the investigation, the Italian Supervisory Authority (SA) verified that the data breach had occurred due to a series of errors committed by the company's operators. They had responded to requests for information regarding the data subject's polic