Borsa Tokyo apre poco variata (+0,16%) (Mon, 20 Jan 2020)
>> Continua a leggere

Comitato europeo per la protezione dei dati

London pharmacy fined after “careless” storage of patient data (Fri, 20 Dec 2019)
The Information Commissioner’s Office (ICO) has fined a London-based pharmacy £275,000 for failing to ensure the security of special category data. Doorstep Dispensaree Ltd, which supplies medicines to customers and care homes, left approximately 500,000 documents in unlocked containers at the back of its premises in Edgware. The documents included names, addresses, dates of birth, NHS numbers, medical information and prescriptions belonging to an unknown number of people. Documents, some of which had not been appropriately protected against the elements and were therefore water damaged, were dated between June 2016 and June 2018. Failing to process data in a manner that ensures appropriate security against unauthorised or unlawful processing and accidental loss, destruction or damage is an infringement of the General Data Protection Regulations (GDPR). The ICO launched its investigation into Doorstep Dispensaree after it was alerted to the insecurely stored documents by the Medicines and Healthcare Products Regulatory Agency, which was carrying out its own separate enquiry into the pharmacy. Steve Eckersley, Director of Investigations at the ICO said: The careless way Doorstep Dispensaree stored special category data failed to protect it from accidental damage or loss. This falls short of what the law expects and it falls short of what people expect. In setting the fine, the ICO only considered the contravention from 25 May 2018, when the GDPR came into effect. Doorstep Dispensaree has also been issued an enforcement notice due to the significance of the contraventions and ordered to improve its data protection practices within three months. Failure to do so could result in further enforcement action. Full details of the investigation can be found in the Monetary Penalty Notice here. For further information, please contact ICO:  Notes to Editors This is the first fine issued by the Information Commissioner’s Office under the General Data Protection Regulation, which came into effect on 25 May 2018. Special category data is personal data that needs more protection because it is sensitive. For example, health data, information about your sexuality, religion or political beliefs. More information can be found here. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five Acts / Regulations. The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. For more information, see our Regulatory Action Policy. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to
>> Continua a leggere

BfDI imposes Fines on Telecommunications Service Providers (Wed, 18 Dec 2019)
The Federal Commissioner for Data Protection and Freedom of Information (BfDI) imposed a fine of EUR 9.550.000 on the telecommunications service provider 1&1 Telecom GmbH. The company did not provide sufficient technical and organizational measures to prevent unauthorized persons from being able to obtain customer information via the customer hotline service. In another case, the BfDI imposed a fine of EUR 10. 000 on Rapidata GmbH. Concerning this matter, the Federal Commissioner Ulrich Kelber said: “Data protection is the protection of fundamental rights. The fines imposed are a clear sign that we will enforce this protection of fundamental rights. The European General Data Protection Regulation (GDPR) gives us the opportunity to decisively punish insufficient safeguarding of personal data. We apply these powers while taking into account the required proportionality.” In the case of 1&1 Telecom GmbH, the BfDI had become aware that persons calling the company’s customer service hotline could obtain extensive information about further personal data merely by providing a customer’s name and date of birth. The BfDI considers this authentication procedure to be in breach of Article 32 of the GDPR which obliges the company to take appropriate technical and organisational measures to systematically protect the processing of personal data. After the BfDI had criticised the insufficient data protection, 1&1 Telecom GmbH proved to be understanding and highly cooperative. As a first step, the authentication procedure was strengthened by requesting additional information. As a further step, following consultation with the BfDI, 1&1 Telecom GmbH is currently in the process of introducing a new authentication procedure which is significantly improved in terms of technology and data protection. Notwithstanding those measures, it was necessary to impose a fine. Among other things, the infringement was not limited to a small number of customers, but posed a risk for the entire customer base. However, the BfDI remained in the lower range of possible fines as 1&1 Telecom GmbH proved to be very cooperative throughout the whole procedure. The BfDI is also currently investigating the authentication procedures of other telecommunications service providers. In another context proceedings against the telecommunications provider Rapidata GmbH were required, because despite repeated requests, the company failed to comply with its legal requirement under Article 37 of the GDPR to appoint an internal data protection officer. When imposing the 10.000 Euro fine, the fact was taken into account that the company is belonging to the category of micro-enterprises. For further information, please contact the German SA:
>> Continua a leggere

Gli ultimi articoli dell'Avv. Emiliano Vitelli

Le slide del Convegno sul GDPR tenuto dall'Avv. Emiliano Vitelli il 28 iugno 2017, con focus sul data breach QUI

Pubblicato il libro sulla nuova legge sul Cyberbullismo con un contributo dell'avv. Emiliano Vitelli sugli aspetti inerenti il processo penale monirile.

Le slide del corso di formazione tenuto dall'Avv. Vitelli presso il Comune di Grottaferrata in materia di delitti contro la pubblica amministarzione e riforma sull'anticorruzione QUI

Le dispense sintetiche del corso sul Codice amministrativo digitale tenuto dall'Avv. Emiliano Vitelli persso l'ATER di Roma per conto di Manpower Formazione Srl QUI

L'11 ed il 12 dicembre 2014 l'Avv. Vitelli è stato docente per il corso di Analisi dei rischi ed Business Impact Analysis organizzato da Ithum S.r.l

8 aprile 2014 - Università di Roma "La Sapienza"

Furto di identità attuali strumenti di tutela e le principali criticità.


Stampa Stampa | Mappa del sito
© 2016 - 2019 Studio Legale Vitelli - Via Satrico n. 14, 04100 Latina