ResourcesMay 30, 2022Italian Garante sanctions a public administration for insufficient cybersecurity measures

The Italian DPA (Garante per la protezione dei dati personali) has sanctioned the public administration INAL with a €50,000 fine for three recorded incidents that resulted in unauthorized access to sensitive data of some beneficiaries. The Garante underlines that all public bodies, in particular those with relevant institutional duties, must adopt adequate technical and organizational measures to avoid violations of personal data. This obligation stems from the principle of accountability required by the GDPR. The DPA investigation revealed that on at least three different occasions, the “Workers Virtual Desk” managed by the institution allowed some users to accidentally consult the files of other users. Find the decision, in Italian, here.