Personal Data: sanction to the government of San Juan for breach of personal data.
Data Privacy & Data Protection Department | Personal Data: sanction to the government of San Juan for breach of personal data
The National Directorate for the Protection of Personal Data (“DNPDP”), dependent on the Agency for Access to Public Information (“AAPI”), by Resolution No. 64/2021 (the “Resolution”) sanctioned the Ministry of Health of the province of San Juan for the breach of personal data of 115 thousand people who had applied for a driving license. This information had been exposed online due to a security breach in the website through which the permit was processed, which was disclosed in August 2020.
The DNPDP stated in the Resolution that “it was verified that the MINISTRY OF HEALTH (SJ) promptly activated the protocols of its technical areas to provide a solution to the vulnerability and mitigate its effects. Likewise, it was understood that, given the present pandemic context, it is necessary to contemplate the urgent need that the Province of San Juan – together with the entire Federal Republic of Argentina – is going through to allocate as much of its public funds as possible to the management of the economic and health crisis, in order to care for the health of its citizens”.
As a consequence, the Director of the DNPDP resolved to apply a sanction to the Ministry of Health of the Province of San Juan consisting of two warnings for having incurred in two serious breaches consisting of: “[m]aintaining local databases, programs or equipment containing personal data without the proper security conditions to be determined by regulation”, and “failing to comply with the duty of confidentiality required by Section 10 of Law No. 25,326 on personal data incorporated into records, files, banks or databases”.
Click here to access the full text of the Resolution.