Monday, November 29, 2021

Bank Millennium was fined for failing to report a personal data breach – UODO


The Office for Personal Data Protection (UODO) imposed a fine of almost PLN 364 thousand on Bank Millennium. The reasons are the failure to report a personal data breach and the failure to fully notify the affected individuals about the event, the authority said in a statement.

The Personal Data Protection Office learned about the breach of data protection from a complaint against Bank Millennium. “It showed that the courier company lost the correspondence with personal data, such as: name, surname, PESEL number, registered address, bank account numbers, identification number assigned to the bank’s customers” – we read in the Office’s announcement.

As noted, the complainants were notified of this fact by Bank Millennium, “but the information on this subject was not sufficient – it did not meet the requirements set out in the GDPR”. “In the course of the case, it turned out that the data controller did not fulfill its obligations in connection with the breach of personal data protection. The Bank concluded that the risk of negative consequences for the persons affected by the breach was medium, therefore it did not report this breach to the supervisory authority and did not fully implement the obligation to notify data subjects” – the Personal Data Protection Office stated.

As explained in the communication, “incidents should be reported to the Personal Data Protection Office (UODO) where there is a probability (higher than low) of a harmful (negative) impact on the rights or freedoms of data subjects”. When this risk is high, the breach must also be notified to the data subjects.

The Office indicated that these risks include, for example, identity theft or falsification, loss of finances, and breach of reputation. “The wide range of data contained in the correspondence may expose persons affected by this incident to such consequences” – assessed the Personal Data Protection Office.


Bank Millennium fined by the Personal Data Protection Office

Bank Millennium is to pay a fine of PLN 363,832. UODO explained that when deciding on the imposition of a fine, it took into account, inter alia, the fact that “in the course of the proceedings, Bank Millennium has still not fulfilled its obligations related to the breach, as well as the unsatisfactory level of cooperation with the supervisory authority, intention to act, and the nature and gravity of the breach”.

According to the Office, “the amount of the fine, in the opinion of the supervisory body, will fulfill a repressive function, as not only this administrator, but also others will properly fulfill the obligations related to data protection breaches”.

Main photo source: Shutterstock
