Insufficiency meets Punishment: Polish DPA issues largest fine for Insufficient Security and Organisational Measures
By Cameron Abbott and Max Evans
Further to the Facebook and Tesco scandals, and the apparent statistical increase in enforcement fines issued, the Polish Data Protection Authority has issued a landmark fine of €645,000 against online retail company morele.net for insufficient security and organisational measures violating the data confidentiality and integrity principles prescribed in the EU’s General Data Protection Regulation.
In particular, the theft of information relating to over 2.2 million natural persons registered in the databases of the specified retailers was attributed to insufficient technical security measures, inadequate authentication methods and a lack of additional security solutions.
For a detailed analysis of the relevant breach, and a comprehensive outline of lessons learned for businesses handling personal information, we refer you to Volume 1 of our colleagues’ publication, The Privacist, available at the K&L Gates Hub.