The president of the National Supervisory Authority for Personal Data Processing, Mrs. Anca Opre, disposed the application of a fine in the amount of 20.000 lei to the Office of Public Notary P.O.O for the infringement of its measures for the security and confidentiality of the personal data processing. This deed constitutes the contravention of “failure to comply with the obligations on confidentiality and security measures”, provided by Article 33 of Law no. 677/2001.
During the investigation it was ascertained that the data controller did not adopt sufficient measures for security and confidentiality in order to ensure the protection of personal data of its clients, employees and collaborators (including sensitive data) against the disclosure and unauthorized access, as well as against any form of illegal processing, which conducted to the disclosure on the Internet of the personal data, this way infringing the provisions of Article 19 and Article 20 of Law no. 677/2001.
We state that any data controller is obliged to apply adequate technical and organizational measures in order to protect the personal data against the accidental or illegal destruction, loss, alteration, unauthorized disclosure or access, especially if that particular processing is referring to transmissions of data within a network, as well as against any form of illegal processing.
Taking into consideration the risks upon the private life of a significant number of persons, the National Supervisory Authority for Personal Data Processing disposed, also, the data controller sanctioned to elaborate a security policy on the minimum requirements for the security of the personal data processing and to perform training for its personnel on the adopted security measures.
Legal and Communication Office
19 september 2013