https://gdprhub.eu/index.php?title=UODO_(Poland)_-_DKN.5131.3.2021&feed=atom&action=history
UODO (Poland) - DKN.5131.3.2021 - Revision history
2024-03-29T14:03:36Z
Revision history for this page on the wiki
MediaWiki 1.39.6
https://gdprhub.eu/index.php?title=UODO_(Poland)_-_DKN.5131.3.2021&diff=17033&oldid=prev
SR: /* Holding */
2021-07-07T12:13:34Z
<p><span dir="auto"><span class="autocomment">Holding</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 12:13, 7 July 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l70">Line 70:</td>
<td colspan="2" class="diff-lineno">Line 70:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== Holding ===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== Holding ===</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The Polish DPA imposed an administrative fine of approximately € 35,387 EUR (PLN 160,000) on the insurer, Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A, for failure to report <del style="font-weight: bold; text-decoration: none;">a </del>breach of personal data protection. In addition, the insurer was fined for not notifying data subjects about the breach, which was also required by the supervisory authority. </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The Polish DPA imposed an administrative fine of approximately € 35,387 EUR (PLN 160,000) on the insurer, Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A, for failure to report <ins style="font-weight: bold; text-decoration: none;">the </ins>breach of personal data protection. In addition, the insurer was fined for not notifying data subjects about the breach, which was also required by the supervisory authority. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The DPA explained that a breach of data confidentiality in connection with a breach of personal data protection - through the sharing of documents with unauthorized recipient which contained: the calculation of an insurance premium, PESEL number, information about the proposed period of insurance, the subject of insurance (house), the sum insured, as well as the name, town and postal code of the data subject - amounts to a high risk of infringement of the rights or freedoms of natural persons. </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The DPA explained that a breach of data confidentiality in connection with a breach of personal data protection - through the sharing of documents with unauthorized recipient which contained: the calculation of an insurance premium, PESEL number, information about the proposed period of insurance, the subject of insurance (house), the sum insured, as well as the name, town and postal code of the data subject - amounts to a high risk of infringement of the rights or freedoms of natural persons. </div></td></tr>
<!-- diff cache key gdprwiki:diff::1.12:old-17024:rev-17033 -->
</table>
SR
https://gdprhub.eu/index.php?title=UODO_(Poland)_-_DKN.5131.3.2021&diff=17024&oldid=prev
RRA at 10:56, 7 July 2021
2021-07-07T10:56:12Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 10:56, 7 July 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l54">Line 54:</td>
<td colspan="2" class="diff-lineno">Line 54:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>}}</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>}}</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The Polish DPA fined an insurance company approximately €35,387 EUR (PLN 160,000) for failing to notify a personal data <del style="font-weight: bold; text-decoration: none;">breach </del>breach to the DPA, as well communicate it to the relevant data subjects. </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The Polish DPA fined an insurance company approximately €35,387 EUR (PLN 160,000) for failing to notify a personal data breach to the DPA, as well communicate it to the relevant data subjects. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== English Summary ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== English Summary ==</div></td></tr>
</table>
RRA
https://gdprhub.eu/index.php?title=UODO_(Poland)_-_DKN.5131.3.2021&diff=17017&oldid=prev
RRA at 10:09, 7 July 2021
2021-07-07T10:09:43Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 10:09, 7 July 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l54">Line 54:</td>
<td colspan="2" class="diff-lineno">Line 54:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>}}</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>}}</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The Polish DPA <del style="font-weight: bold; text-decoration: none;">imposed </del>an <del style="font-weight: bold; text-decoration: none;">administrative fine of </del>approximately <del style="font-weight: bold; text-decoration: none;">€ 35</del>,387 EUR (PLN 160,000) <del style="font-weight: bold; text-decoration: none;">on an insurance company </del>for failing to <del style="font-weight: bold; text-decoration: none;">report </del>a breach <del style="font-weight: bold; text-decoration: none;">of personal </del>data <del style="font-weight: bold; text-decoration: none;">protection</del>. </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The Polish DPA <ins style="font-weight: bold; text-decoration: none;">fined </ins>an <ins style="font-weight: bold; text-decoration: none;">insurance company </ins>approximately <ins style="font-weight: bold; text-decoration: none;">€35</ins>,387 EUR (PLN 160,000) for failing to <ins style="font-weight: bold; text-decoration: none;">notify </ins>a <ins style="font-weight: bold; text-decoration: none;">personal data </ins>breach <ins style="font-weight: bold; text-decoration: none;">breach to the DPA, as well communicate it to the relevant </ins>data <ins style="font-weight: bold; text-decoration: none;">subjects</ins>. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== English Summary ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== English Summary ==</div></td></tr>
</table>
RRA
https://gdprhub.eu/index.php?title=UODO_(Poland)_-_DKN.5131.3.2021&diff=16914&oldid=prev
NN at 09:50, 5 July 2021
2021-07-05T09:50:29Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 09:50, 5 July 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l54">Line 54:</td>
<td colspan="2" class="diff-lineno">Line 54:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>}}</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>}}</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The Polish DPA imposed an administrative fine <del style="font-weight: bold; text-decoration: none;">on the insurer in the amount </del>of <del style="font-weight: bold; text-decoration: none;">almost </del>PLN 160,000<del style="font-weight: bold; text-decoration: none;">. PLN (approx. 35,387 EUR</del>) for <del style="font-weight: bold; text-decoration: none;">failure </del>to report a breach of personal data protection. </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The Polish DPA imposed an administrative fine of <ins style="font-weight: bold; text-decoration: none;">approximately € 35,387 EUR (</ins>PLN 160,000) <ins style="font-weight: bold; text-decoration: none;">on an insurance company </ins>for <ins style="font-weight: bold; text-decoration: none;">failing </ins>to report a breach of personal data protection. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== English Summary ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== English Summary ==</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== Facts ===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== Facts ===</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The DPA was notified of <del style="font-weight: bold; text-decoration: none;">the </del>data breach situation by an insurance brokerage company. The company played <del style="font-weight: bold; text-decoration: none;">a dual role </del>in data processing. On the one hand, it was a data controller, and on the other hand, a processor acting for insurance companies<del style="font-weight: bold; text-decoration: none;">. The infringement consisted in sending by e-mail to an inappropriate recipient an analysis of insurance needs and an insurance offer containing data such as name, surname, PESEL number, town, postal code or information about the subject of insurance. The entity, being the controller of the name and surname data, decided to report the breach of personal data protection to the Polish DPA in relation to the disclosed personal data contained in the attachments. It considered that the combination of this data, in conjunction with the data contained in the attached documents, could result in a breach resulting in a risk of infringement of an individual's rights or freedoms. The erroneously sent correspondence contained personal data contained in quotes and calculations from several insurance companies. The infringer acted at the same time as the processor of the insurance companies and therefore notified them of the breach. The verification carried out by the Polish DPA revealed that in connection with the incident, several insurance companies, as data controllers, had notified the data breach. No such notification was received from Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A (“Company”). The Company has conducted an assessment of the risks to the rights and freedoms of individuals based on which it has concluded that it is not obliged to report the data breach to the DPA or to inform data subjects of the data breach</del>.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The DPA was notified of <ins style="font-weight: bold; text-decoration: none;">a </ins>data breach situation by an insurance brokerage company. The company played <ins style="font-weight: bold; text-decoration: none;">two roles </ins>in data processing. On the one hand, it was a data controller, and on the other hand, a processor acting for insurance companies. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">=== Dispute ===</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">The </ins>data breach <ins style="font-weight: bold; text-decoration: none;">involved emails containing identifying </ins>data <ins style="font-weight: bold; text-decoration: none;">being sent to </ins>the <ins style="font-weight: bold; text-decoration: none;">wrong recipients. The emails contained analyses </ins>of <ins style="font-weight: bold; text-decoration: none;">insurance needs and </ins>an insurance <ins style="font-weight: bold; text-decoration: none;">offer referencing name, surname</ins>, PESEL number, town<ins style="font-weight: bold; text-decoration: none;">, </ins>postal code and <ins style="font-weight: bold; text-decoration: none;">other </ins>information about the <ins style="font-weight: bold; text-decoration: none;">subject </ins>of insurance<ins style="font-weight: bold; text-decoration: none;">. </ins></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">Whether a breach of </del>data <del style="font-weight: bold; text-decoration: none;">confidentiality in connection with a </del>breach <del style="font-weight: bold; text-decoration: none;">of personal </del>data <del style="font-weight: bold; text-decoration: none;">protection involving </del>the <del style="font-weight: bold; text-decoration: none;">sending of a document with the calculation </del>of an insurance <del style="font-weight: bold; text-decoration: none;">premium to an unauthorized recipient</del>, <del style="font-weight: bold; text-decoration: none;">in particular data concerning the </del>PESEL number <del style="font-weight: bold; text-decoration: none;">together with the name</del>, town <del style="font-weight: bold; text-decoration: none;">and </del>postal code <del style="font-weight: bold; text-decoration: none;">of the data subject </del>and information about the <del style="font-weight: bold; text-decoration: none;">proposed period </del>of insurance, the <del style="font-weight: bold; text-decoration: none;">subject </del>of <del style="font-weight: bold; text-decoration: none;">insurance (house)</del>, the <del style="font-weight: bold; text-decoration: none;">sum insured/guaranteed in the amount appropriate </del>to the <del style="font-weight: bold; text-decoration: none;">selected variant and </del>the <del style="font-weight: bold; text-decoration: none;">amount </del>of <del style="font-weight: bold; text-decoration: none;">premium appropriate to </del>the <del style="font-weight: bold; text-decoration: none;">selected variant of insurance</del>, <del style="font-weight: bold; text-decoration: none;">results </del>in a <del style="font-weight: bold; text-decoration: none;">high </del>risk of infringement of the rights or <del style="font-weight: bold; text-decoration: none;">freedoms </del>of <del style="font-weight: bold; text-decoration: none;">natural persons</del>.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">The insurance brokerage company</ins>, <ins style="font-weight: bold; text-decoration: none;">as </ins>the <ins style="font-weight: bold; text-decoration: none;">controller </ins>of <ins style="font-weight: bold; text-decoration: none;">the name and surname data</ins>, <ins style="font-weight: bold; text-decoration: none;">decided to report </ins>the <ins style="font-weight: bold; text-decoration: none;">breach of personal data protection </ins>to the <ins style="font-weight: bold; text-decoration: none;">Polish DPA. The company considered that </ins>the <ins style="font-weight: bold; text-decoration: none;">combination </ins>of <ins style="font-weight: bold; text-decoration: none;">this data, in conjunction with the data contained in </ins>the <ins style="font-weight: bold; text-decoration: none;">attached documents</ins>, <ins style="font-weight: bold; text-decoration: none;">could result in a breach resulting </ins>in a risk of infringement <ins style="font-weight: bold; text-decoration: none;">of an individual's rights or freedoms. The erroneously sent correspondence contained personal data contained in quotes and calculations from several insurance companies. </ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">Investigation carried out by the Polish DPA revealed that in connection with the incident, several insurance companies, including data controllers, had notified them </ins>of <ins style="font-weight: bold; text-decoration: none;">the data breach. However, no such notification was received from Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A (“Company”). </ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">The Company had conducted an assessment of the risks to </ins>the rights <ins style="font-weight: bold; text-decoration: none;">and freedoms of individuals resulting from the breach, based on which it concluded that it was not obliged to report the data breach to the DPA </ins>or <ins style="font-weight: bold; text-decoration: none;">to inform data subjects </ins>of <ins style="font-weight: bold; text-decoration: none;">the data breach</ins>.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== Holding ===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== Holding ===</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The Polish DPA imposed an administrative fine <del style="font-weight: bold; text-decoration: none;">on the insurer in the amount </del>of <del style="font-weight: bold; text-decoration: none;">almost </del>PLN 160,000. <del style="font-weight: bold; text-decoration: none;">PLN (approx. 35</del>,<del style="font-weight: bold; text-decoration: none;">387 EUR) </del>for failure to report a breach of personal data protection. In addition, the insurer was fined for not notifying <del style="font-weight: bold; text-decoration: none;">the </del>data <del style="font-weight: bold; text-decoration: none;">subject </del>about the breach, which was also required by the supervisory authority. </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The Polish DPA imposed an administrative fine of <ins style="font-weight: bold; text-decoration: none;">approximately € 35,387 EUR (</ins>PLN 160,000<ins style="font-weight: bold; text-decoration: none;">) on the insurer, Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S</ins>.<ins style="font-weight: bold; text-decoration: none;">A</ins>, <ins style="font-weight: bold; text-decoration: none;"> </ins>for failure to report a breach of personal data protection. In addition, the insurer was fined for not notifying data <ins style="font-weight: bold; text-decoration: none;">subjects </ins>about the breach, which was also required by the supervisory authority. </div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">The DPA explained that a breach of data confidentiality in connection with a breach of personal data protection - through the sharing of documents with unauthorized recipient which contained: the calculation of an insurance premium, PESEL number, information about the proposed period of insurance, the subject of insurance (house), the sum insured, as well as the name, town and postal code of the data subject - amounts to a high risk of infringement of the rights or freedoms of natural persons. </ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">High risk of harm to the rights or freedoms of natural persons exists where the breach is likely to lead to physical harm or damage to the property or non-property of the individuals whose data has been breached. Examples of such damage includes discrimination, identity theft or falsification, financial loss and damage to reputation. According to the DPA, there is no doubt that the cited examples of damage, given the scope of the data covered by this data protection breach, may occur in the present case. Such a data breach must consequently be reported. </ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Comment ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Comment ==</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">According to the Polish DPA, the personal data breach in question creates a high risk of harm to the rights or freedoms of natural persons. This risk exists where the breach is likely to lead to physical harm or property or non-property damage to the individuals whose data has been breached. Examples of such damage include discrimination, identity theft or falsification, financial loss and damage to reputation. According to the DPA, there is no doubt that the cited examples of damage, given the scope of the data covered by this data protection breach, including PESEL number along with name and financial/property information, may occur in the present case.</del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Further Resources ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Further Resources ==</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>''Share blogs or news articles here!''</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>''Share blogs or news articles here!''</div></td></tr>
</table>
NN
https://gdprhub.eu/index.php?title=UODO_(Poland)_-_DKN.5131.3.2021&diff=16896&oldid=prev
Maciejn: Created page with "{{DPAdecisionBOX |Jurisdiction=Poland |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoPL.png |DPA_Abbrevation=UODO (Poland) |DPA_With_Country=UODO (Poland) |Case_Number..."
2021-07-04T10:44:22Z
<p>Created page with "{{DPAdecisionBOX |Jurisdiction=Poland |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoPL.png |DPA_Abbrevation=UODO (Poland) |DPA_With_Country=UODO (Poland) |Case_Number..."</p>
<a href="https://gdprhub.eu/index.php?title=UODO_(Poland)_-_DKN.5131.3.2021&diff=16896">Show changes</a>
Maciejn