Azienda Ospedaliero Universitaria Senese – €50,000 Fine (Italy, 2021)

€50,000 | Garante per la protezione dei dati personali | 27 January 2021 | Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A hospital in Siena was fined EUR 50,000 by Italy's data protection authority for sending a couple's medical report to the wrong person. The report included sensitive information about their health and personal life. This incident stresses the need for careful handling of personal data in healthcare settings.

What happened

A hospital in Siena sent a couple's medical report to an unrelated third party by mistake.

Who was affected

A couple whose medical report, including sensitive health and personal information, was disclosed to someone else.

What the authority found

The Italian authority determined that the hospital failed to adequately protect sensitive personal data, breaching GDPR requirements.

Why this matters

This case highlights the importance of secure data handling practices in healthcare. It serves as a warning to hospitals and similar institutions about the potential consequences of data mishandling.

GDPR Articles Cited

Art. 9 GDPR
Art. 5(1)(f) GDPR
Full Legal Summary

The Italian DPA (Garante) fined Azienda Ospedaliero Universitaria Senese EUR 50,000. The controller, a hospital, had reported to the Italian DPA that a couple's medical report had been mistakenly sent to an uninvolved third party. The report contained information about a genetic consultation and the health status and sex life of the data subjects. The incident occurred due to an error in packaging the letter, according to a statement from the controller.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Ospedaliero Universitaria Senese in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

27 January 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€50,000

Enforcement Tracker ID

ETid-560

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Ospedaliero Universitaria Senese - Italy (2021). Retrieved from cookiefines.eu
