|
|
Chamber III of the Supreme Court has concluded that the obligation of companies to guarantee the security of files containing personal data of their clients is an obligation and not a means , although “the adoption and implementation of technical and organizational measures is required. , which in accordance with the state of technology and in relation to the nature of the processing carried out and the personal data in question, reasonably allow its alteration, loss, processing or unauthorized access to be avoided.
In a ruling for which Judge Diego Córdoba was the speaker , the Chamber confirms a fine of 40,000 euros imposed by the Data Protection Agency on a company that distributes telephone products, as responsible for a serious infraction by allowing unauthorized access. by third parties to at least 14 financing requests that included personal data of the clients (name and Phone Number Data surname, financial data, direct debit information and signature). Judge Diego Córdoba (Photo: Judicial Power) The National Court confirmed the sanction, and the Supreme Court admitted the company's appeal to answer the question of whether violations of the Data Protection Law due to failures in security measures that employees of a legal entity may commit .
They must be examined in light of the result and, therefore, attributed to the legal entity on which the employee depends, regardless of the means and prevention measures that could have been adopted. The Chamber answers that the obligation to adopt the necessary measures to guarantee the security of personal data cannot be considered an obligation of result , which implies that, if personal data is leaked to a third party, liability exists regardless of the measures adopted and the activity carried out by the person responsible for the file or processing.
|
|
發表於 12:48:06