The information on which the search is based has been translated by a computer system without human intervention. It may contain errors in vocabulary, syntax or grammar. The translation may also produce mistakes in the searches performed.
284 results were found for your search terms Sensitive data
Internet publication of the minutes of the Plenum of the City Council and the municipal godfather of inhabitants
CNS 34/2022
Personal data protection regulations do not prevent the dissemination of information relating to deceased persons. The minutes of the plenary sessions, with regard to the acts discussed, must be published in the electronic headquarters of the City Council without including specially protected data categories, or affecting honour or privacy or requiring special protection. In this case, the consent of those concerned should be made available so that the minutes can be disseminated, or the information anonymized should be disseminated. After 30 years, the provisions of Article 36 of Law 10/2001 may come into play. There is no legal basis for the dissemination, with a general scope, of the information contained in the municipal godparents of inhabitants on the city council website, without prejudice to the dissemination of the anonymized information of the godfather.
02/12/2022
Undue access to clinical history.
PS 43/2022
It is decided to sanction Badalona Health Services for the infringement of the principle of confidentiality, since the complained entity has confirmed that a worker from Badalona Municipal Hospital, managed by Badalona Health Services S.A, would have unduly accessed a third person's clinical history. The proposed sanction is EUR 2 000.
29/11/2022
Work reports, which include health data of the complainant, within the framework of a disciplinary procedure.
IP 424/2021
It is decided to file the present complaint, given that the accused City Council and, in particular, the Chief Inspector of the Local Police, included references to the data on the person's health reporting - who holds the status of local agent - since these were necessary to resolve the desirability of initiating a disciplinary file against him, for alleged withdrawal from service on health grounds. Thus, this Authority concludes that the processing of controversial personal data was covered by Article 6.1e) - processing carried out in the exercise of public powers - and that the circumstances provided for in Article 9.2 (f) and g) GDPR, which lift the prohibition on processing health data in Article 9.1 (GDPR).
24/11/2022
Possible access to medical data by administrative staff.
IP 429/2021
The complainant complains that they made him send medical documentation by email and that this would facilitate access to medical data by non-health administrative staff. RA is issued since this was an exceptional shipment since the patient requested urgent assistance by phone for the prescription of pain medication and since the last medical report was not yet included in the HC3, since the same one had been issued day at another medical center, he was asked to send it by e-mail in order to carry out the medical prescription. These emails are managed by the administrative staff entrusted with these functions and, moreover, management does not involve access to medical documentation; only if it becomes essential for the performance of its functions. Art. 16 Law 41/2022.
15/11/2022
Revelation of the complainant's health data by a co-worker.
IP 404/2021
RA is being prepared because the complainant was the one who in a workplace revealed his or her COVID (and his/her) results to other partners. He did so for organisational purposes. At the same time, his boss communicated the results (and those of his wife) to a colleague in charge of carrying out organizational functions. Although it was not necessary to disclose data on his wife's results, it would be disproportionate to hold the complainant responsible for this fact, when it was the complainant himself who revealed the information in a voluntary, trusted environment amongst colleagues. It should also be noted that the complainant confirmed that he had carried out an access audit and confirmed that there had been no access to the complainant's data.
15/11/2022
Legitimation for the treatment of the name meaning in relation to certain groups
CNS 30/2022
Since the regulation urges the Public Administration to facilitate the use of the "sense name" by trans persons (art. 23.1 Law 11/2014), the processing of this data is not excessive for the purposes of the principle of minimisation, and may be lawful if carried out on the legal basis of the consent of the person concerned. Treatment of the "sense name", as identifying data relating to a natural person's gender identity or expression, does not, in principle, involve processing data from special categories. The identification information of the person concerned must also be dealt with in official documents (DNI/NIE or passport), in order to ensure the identification and, among other things, the principle of the accuracy of the information and its traceability.
10/11/2022
Communication of pseudonymized patient data in the pharmaceutical laboratory providing medication
CNS 28/2022
The hospital could communicate pseudonymized data relating to the health of patients treated with medicines for compassionate use in the pharmaceutical laboratory that facilitates the drug for clinical research purposes (Article 9.2.j) GDPR and paragraph 2.d) of DA 17a LOPDGDD) on the basis of the legitimate interest pursued by the laboratory.
02/11/2022
Report in relation to the research functions of the Center for Opinion Studies
PD 16/2022
20/10/2022
Indirect information that reveals personal information but does not constitute a breach.
IP 258/2022
The complainant complains that someone in Chief Manso would have disclosed his data (who is his family doctor to his ex-wife). RA is dictated as the ICS does not provide the complainant's data but merely informs the child's mother in common the reason why the child is not assigned the same doctor as her. The reason is that the child is a beneficiary of the parent's social security number and, by default, is assigned the same doctor/ssa as the cardholder. Therefore, with this information, you can guess who the complainant's doctor is. This fact does not constitute an infringement in respect of Article 6.1.h) in relation to Law 8/2007 regulating the functions of the ICS.In addition, information on the allocation of health professionals to beneficiaries is information easily accessible to any interested person.
22/09/2022
A parent's access to information about their daughter's enrollment in university entrance exams
CNS 24/2022
In the case examined, the parent's access to the certificate certifying the status of a victim of gender violence of the other parent provided in the process of registering the common daughter in the PAU would be justified if it only contained the information relating to the existence of a situation of gender violence, the person who suffered it and the exemption derived from this circumstance.
16/09/2022
Total number of pages: 29