Italian National Social Security Institute (“INPS”) vs. anonymous – Violation Found (Italy, 2020)
Italy's data protection authority found that the INPS failed to properly notify individuals about a data breach that exposed personal and sensitive information. This case underscores the need for timely and direct communication to affected individuals when their data is compromised.
What happened
The INPS experienced a data breach that allowed unauthorized access to personal data, including health and work information.
Who was affected
Taxpayers whose personal and sensitive data was exposed through the INPS online portal.
What the authority found
The Garante ordered the INPS to directly notify affected individuals about the data breach, as the public announcement was insufficient.
Why this matters
This decision highlights the importance of direct communication with individuals affected by data breaches, reinforcing the need for transparency and accountability in handling personal data.
GDPR Articles Cited
The case involved a data breach leading to unauthorized access to personal data, not related to cookies or consent mechanisms.
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Italian National Social Security Institute (“INPS”) vs. anonymous in IT
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Italian National Social Security Institute (“INPS”) vs. anonymous - Italy (2020). Retrieved from cookiefines.eu
Last updated: