The balance of the inspection activity of the Privacy Guarantor

196 inspections, sanctions for over 2 and a half million of Euros already collected by the Treasury, 24 reports to the judicial authority. This is, in brief, the balance of the inspection and sanctionary activity of the Privacy Guarantor in the first six months of the year, from which it emerges, basically, that scarce information is given to users on the use of personal details made by the public administration and privates, that there is still much illegal data processing and that poor attention is given to safety measures.

The assessments, carried out also with the collaboration of the Special Units of the Finance Guard – Privacy Special Division, have regarded, in particular, mobile payment, medical apps, telemarketing carried out by call centers operating abroad, real estate brokerage, hotel facilities, e-commerce, the control of the safety measures of users of telecommunication networks and the Internet, data transfer towards extra EU countries.

Of particular importance is the inspection activity carried out at the main Italian Internet hubs (Ixp) in order to verify the level of protection of personal details that transit in them and the degree of safety of electronic communications in our country.

In addition to those programmed, further inspection assessments have been made in the field of urgent investigations initiated by the Authorities and have concerned public bodies, healthcare businesses, and companies that commercialize databases. In the course of the semester, further, 299 sanctionary proceedings have been set out, mostly due to failure to give notice of the privacy policy and to illegal data processing, and, for the first time, a sanction has been provided to a telephony company because it has not promptly reported to the Guarantor and has omitted to report users a safety violation of personal details (data breach), thus not complying with the obligation to communicate recently imposed by the regulations in this regard.

Among the hypotheses of offenses reported to the judiciary, there prevail cases of lack of adoption of the minimum safety measures and violations of the workers’ Statute.

Also the inspection program for the second semester of 2014 has been launched, which foresees both the prosecution of the controls already initiated and the identification of new intervention fields. The attention of the Guarantor will be focused, in particular, on the data processing made by General Practitioners, pediatricians, bank institutions, credit recovery companies, public administration offices that provide users with Internet access through free wi-fi networks, on the adoption of the safety measures to protect sensitive data dealt with by public and private subjects.
Two hundred inspections are foreseen that will be carried out also in collaboration with the Privacy Special Division of the Finance Guard. As per doctors and pediatricians, the assessments shall check, among other things, the use of programs that foresee the conservation of sensitive data with third parties and the eventual sharing thereof, while for the bank sector the respect of the rules set by the Guarantor on the traceability of the operations shall be controlled.

(from the Privacy Guarantor Newsletter of 17.09.2014 no. 392)