Health Service Executive – €65,000 Fine (Ireland, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Health Service Executive in Ireland was fined for not properly disposing of personal documents, leading to a data breach. This matters because it shows the importance of securely handling sensitive information to protect people's privacy.
What happened
The Health Service Executive failed to properly dispose of documents containing personal data, resulting in a data breach.
Who was affected
Patients whose personal information was included in the improperly disposed documents were affected.
What the authority found
The Data Protection Commission found that the Health Service Executive did not take adequate measures to protect personal data, violating GDPR's security requirements.
Why this matters
This case highlights the need for companies to have strong data protection practices in place. Small businesses should ensure they securely dispose of any documents containing personal information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The Irish Data Protection Commission (DPC) commenced inquiry IN-19-9-1 in respect of one personal data breach notified by the HSE to the DPC. The personal data breach occurred when documentation containing the personal data of 78 individuals, including special category personal data in respect of 6 of those data subjects, were disposed of in a public recycling centre. The list was created in Cork University Maternity Hospital, but was discovered by a member of the public in a public recycling area in Cork County.One personal data breach has been notified by the HSE to the DPC. The personal data breach occurred when documentation containing the personal data of 78 individuals, including special category personal data in respect of 6 of those data subjects, were disposed of in a public recycling centre. The list was created in Cork University Maternity Hospital, but was discovered by a member of the public in a public recycling area in Cork County. The decision found that the HSE infringed Articles 5(1)(f) and 32(1) of the GDPR by failing to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk presented by its use and disposal of hardcopy documents containing patients’ personal data.
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Health Service Executive in IE
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Health Service Executive - Ireland (2020). Retrieved from cookiefines.eu
Last updated: