Bank of Italy – Violation Found (Italy, 2022)
The Bank of Italy accidentally shared the email addresses of 500 job applicants by using the wrong email setting. This mistake breached privacy rules because there was no legal reason to share this personal information. Although no fine was issued, the incident highlights the importance of proper data handling practices.
What happened
An employee at the Bank of Italy mistakenly disclosed the email addresses of 500 job applicants by using the CC field instead of BCC.
Who was affected
Job applicants whose email addresses were shared with other applicants.
What the authority found
The Italian DPA found that the Bank of Italy violated GDPR by sharing personal data without a legal basis.
Why this matters
This case underscores the need for companies to ensure proper handling of personal data, even in simple tasks like sending emails. It serves as a reminder to review internal procedures and train staff to prevent privacy breaches.
GDPR Articles Cited
The incident involved accidental disclosure of email addresses, unrelated to cookies or consent issues.
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Bank of Italy in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Decision Date
23 February 2022
Authority
Garante per la protezione dei dati personali
GDPRhub ID
gdprhub-5774About this data
Cite as: Cookie Fines. Bank of Italy - Italy (2022). Retrieved from cookiefines.eu
Last updated: