Azienda USL Toscana Centro – €10,000 Fine (Italy, 2022)

€10,000Garante per la protezione dei dati personali10 March 2022Italy
final
ePrivacy
Fine

Azienda USL Toscana Centro was fined for sending medical records to the wrong patients, which is a serious privacy breach. The investigation revealed that the healthcare provider did not have adequate security measures in place to protect sensitive data. This case reminds healthcare providers to prioritize data security to protect patient information.

What happened

Azienda USL Toscana Centro mistakenly sent patient medical records to incorrect recipients.

Who was affected

Patients whose medical records were incorrectly sent to others by Azienda USL Toscana Centro.

What the authority found

The DPA found that Azienda USL Toscana Centro failed to implement sufficient security measures to protect personal data.

Why this matters

This case highlights the need for healthcare organizations to strengthen their data protection practices. It serves as a reminder that even small lapses can lead to significant privacy violations and fines.

GDPR Articles Cited

Art. 9 GDPR
Art. 32 GDPR
Art. 5(1)(a) GDPR
Art. 5(1)(f) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda USL Toscana Centro actions
Full Legal Summary
Detailed

The Italian DPA (Garante) has imposed a fine of EUR 10,000 on Azienda USL Toscana Centro. The DPA initiated an investigation against the controller after it reported a data breach under Art. 33 GDPR. The controller had mistakenly sent patient medical records to the wrong patients. The DPA therefore found that the health care facility had not taken sufficient technical and organisational measures to protect personal data.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Azienda USL Toscana Centro in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

Ramona Films, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Fine Date

10 March 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€10,000

Enforcement Tracker ID

ETid-1127

GDPRhub ID

gdprhub-4880

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda USL Toscana Centro - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: