Saturday, April 13, 2024

The bank decided that nothing had happened. The Chairman of the Office for Personal Data Protection, on the contrary, imposed a fine.

Someone stole a package containing Santander bank customer data. An honest finder handed the package over to the police, so the bank decided that nothing bad had happened and took no action: it informed neither the people whose data was in the package nor the President of the Office for Personal Data Protection. The President, however, found a violation of the regulations and decided to impose a fine.

A package from the bank containing customer details, including first and last names, dates of birth, bank account numbers, addresses and contact details, and PESEL numbers, was stolen from the courier company and abandoned. The honest finder took it to the police. The bank was informed about the incident, but did not initiate any procedures related to the personal data breach. When asked by the President of the Office for Personal Data Protection why it did not respond, the bank explained in an official letter that it did not see any need to. The finder had assured the police that he had not copied the data found in the package. Bank Santander treated the case as if nothing had happened.

Bank Santander did not report a leak of personal data

Such a careless approach to the topic could cost the bank 1.44 million zlotys. The Chairman of the Office for Personal Data Protection, Mirosław Wróblewski, decided to impose that penalty. In the decision, he emphasized that in the event of a data protection violation, “the assessment of the risk of violation of the rights and freedoms of an individual must be made through the prism of the person at risk, and not the interests of the controller itself”. He added that the failure to notify those affected by the breach (the bank did not contact the people whose data was in the stolen package) deprives them of the opportunity to respond in whatever way they consider appropriate in the given situation.

Bank Santander failed to inform not only its clients but also the Office for Personal Data Protection. The president of this institution learned about the unpleasant situation from the media.

“Failure to notify the Chairman of the Office for the Protection of Personal Data about a violation of personal data protection deprives the supervisory authority of the opportunity to adequately respond to the violation, that is, to assess the risk of violation of the rights and freedoms of an individual, but also the opportunity to check whether the controller has taken appropriate measures to eliminate the violation and minimize negative consequences for data subjects. Then the authority will not be able to assess whether the administrator has applied appropriate security measures to minimize the risk of recurrence of the violation,” the decision explains.

The Chairman of the Office for Personal Data Protection decided to fine Santander Bank in the amount of PLN 1.44 million and ordered it to notify persons whose data protection was violated as a result of the incident.

Designed by: Martina Koska
Source: Wprost
