Workflow
Get ready for the whistleblowing lawBOOK DEMO NOW!

Insurance company sent sensitive data via unprotected e-mail

10 October 2023

The Swedish Authority for Data Protection (IMY) has issued a reprimand against “If” as the insurance company has processed personal data violating the GDPR.

The background to the decision includes the fact that If has sent sensitive personal data via e-mail without adequate safety measures. If used encryption in transit, but the e-mail was not encrypted the entire time from sender to recipient (so-called end-to-end encryption).

After the incident, If has improved its safety standards where the insurance company has developed and launched a new way of communicating with their customers. Thus, the customers can access messages under “My profile”, which requires safe log-in with Swedish BankID (a two-step authentication).

Due to the safety measures taken after the incident, IMY “only” issues a reprimand against the company.

Source: https://www.imy.se/tillsyner/if-skadeforsakring-ab/

MORE OF FEBRUARY'S GDPR NEWS

New report shines light on deficient cookie bannersCJEU declares ruling on conflict of interests for DPOsThreefold increase in the number of concluded supervisions in 2022IMY report shows inadequate treatment of DPOs
Contact

We are always happy to help

Do you have any questions or want to book a demo? We are ready to guide you through the compliance jungle.

ContactBook a demo
We are always happy to help

Our solutions

Qnister GDPRWhistleblowing softwareSearch in sanctions lists