Azienda Ospedaliero-Universitaria Careggi di Firenze – €9,000 Fine (Italy, 2022)

€9,000Garante per la protezione dei dati personali20 October 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A healthcare facility in Italy, Careggi di Firenze, was fined €9,000 for sending a patient's medical records to the wrong person. This is important because it shows the need for strong data protection practices in healthcare to prevent privacy breaches. Businesses should ensure they have effective systems to protect sensitive information.

What happened

Careggi di Firenze mistakenly sent a patient's medical records to another patient.

Who was affected

Patients whose medical records were incorrectly shared with others.

What the authority found

The Italian DPA ruled that Careggi di Firenze did not have adequate measures to protect personal data, violating GDPR's security requirements.

Why this matters

This case highlights the critical need for healthcare facilities to have robust data protection systems. It warns that inadequate security measures can lead to privacy violations and financial penalties.

GDPR Articles Cited

Art. 9(GDPR)
Art. 32(GDPR)
Art. 5(1)(f) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda Ospedaliero-Universitaria Careggi di Firenze actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 9,000 on Azienda Ospedaliero-Universitaria Careggi di Firenze. The controller had mistakenly sent a patient medical record to the wrong patient. The DPA found that the healthcare facility had not taken sufficient technical and organizational measures to protect personal data, which allowed such an incident to occur.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Ospedaliero-Universitaria Careggi di Firenze in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

20 October 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€9,000

Enforcement Tracker ID

ETid-1614

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Ospedaliero-Universitaria Careggi di Firenze - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: