Azienda USL Toscana Centro – €10,000 Fine (Italy, 2022)

€10,000Garante per la protezione dei dati personali10 March 2022Italy
final
ePrivacy
Fine

Azienda USL Toscana Centro was fined €10,000 after mistakenly sending medical records to the wrong patients. The Italian DPA found that the healthcare facility did not have enough security measures to protect patient data. This case emphasizes the need for strong data protection practices in healthcare.

What happened

Azienda USL Toscana Centro sent patient medical records to incorrect recipients due to inadequate data protection measures.

Who was affected

Patients whose medical records were incorrectly sent to others by Azienda USL Toscana Centro.

What the authority found

The DPA determined that the healthcare facility failed to implement sufficient technical and organizational measures to safeguard personal data.

Why this matters

This ruling highlights the critical importance of data security in healthcare settings. Organizations must prioritize protecting sensitive information to avoid breaches and penalties.

GDPR Articles Cited

AI-verified

Art. 9(GDPR)
Art. 32(GDPR)
Art. 5(1)(a) GDPR
Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1)(a) GDPR
Art. 5(1)(f) GDPR
Art. 9(GDPR)
Art. 32(GDPR)

Original data from scraper before AI verification against source document.

Source verified 14 March 2026
scope corrected
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda USL Toscana Centro actions
Full Legal Summary
Detailed

The Italian DPA (Garante) has imposed a fine of EUR 10,000 on Azienda USL Toscana Centro. The DPA initiated an investigation against the controller after it reported a data breach under Art. 33 GDPR. The controller had mistakenly sent patient medical records to the wrong patients. The DPA therefore found that the health care facility had not taken sufficient technical and organisational measures to protect personal data.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Azienda USL Toscana Centro in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Minister for Legal Protection

2022 · DPA RbOverijssel

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

10 March 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€10,000

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda USL Toscana Centro - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: