Italy’s DPA Fines Data Processor for Information Security Failures
The Italian Data Protection Authority, the Garante, has issued a 50,000 EUR fine against a data processor platform for its failure to implement several information security measures.
The DPA launched an investigation into the breach of various websites connected to the 5 Star Movement. At the conclusion of the investigation, the agency decided to impose the penalty on the data controller, the Rousseau Association. The Garante also listed responsibilities for Rousseau and the 5 Star Movement to carry out as a result of its findings.
Service providers should ensure that the data entrusted to them by their data controller customers is adequately protected. Specific measures addressed by the Garante include:
conducting periodic vulnerability assessments
ensuring timely implementation of patches
requiring strong passwords
adopting secure network protocols and digital certificates to secure data in transit