Azienda Socio Sanitaria Territoriale Ovest Milanese – €12,000 Fine (Italy, 2023)

€12,000Garante per la protezione dei dati personali18 July 2023Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Azienda Socio Sanitaria Territoriale Ovest Milanese was fined €12,000 for mishandling patient data. They mistakenly shared health records with the wrong patient and sent a group email revealing other recipients' addresses. This case highlights the importance of protecting sensitive information in healthcare.

What happened

Azienda Socio Sanitaria Territoriale Ovest Milanese mishandled patient health records and sent emails disclosing recipients' addresses.

Who was affected

Patients whose health information was incorrectly shared or exposed in emails.

What the authority found

The Italian DPA found that the company failed to adequately protect personal data, violating GDPR's requirements for data security.

Why this matters

This ruling emphasizes the need for healthcare providers to strengthen their data protection practices. It serves as a reminder for all companies to prioritize privacy and security in handling personal information.

GDPR Articles Cited

Art. 9(GDPR)
Art. 32(GDPR)
Art. 5(1)(f) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda Socio Sanitaria Territoriale Ovest Milanese actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 12,000 on Azienda Socio Sanitaria Territoriale Ovest Milanese. The controller had suffered data breaches that affected the privacy of several data subjects. For example, a patient's health records were given to the wrong patient. In addition, the controller had sent an email regarding Covid-19 behavior in multiple scelrose patients to 198 recipients, allowing all recipients to openly view the other email addresses. In addition, the controller sent an invitation for a disability assessment to the wrong person.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Socio Sanitaria Territoriale Ovest Milanese in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

18 July 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€12,000

Enforcement Tracker ID

ETid-2054

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Socio Sanitaria Territoriale Ovest Milanese - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: