Una compañía de seguros envió datos confidenciales por correo electrónico que no estaba protegido
10 oktober 2023
La Autoridad Sueca de Protección de Datos (IMY) ha emitido una amonestación en contra de la empresa "IF", ya que la compañía de seguros ha procesado datos personales incumpliendo los requisitos del RGPD.
The background to the decision includes the fact that If has sent sensitive personal data via e-mail without adequate safety measures. If used encryption in transit, but the e-mail was not encrypted the entire time from sender to recipient (so-called end-to-end encryption).
After the incident, If has improved its safety standards where the insurance company has developed and launched a new way of communicating with their customers. Thus, the customers can access messages under “My profile”, which requires safe log-in with Swedish BankID (a two-step authentication).
Due to the safety measures taken after the incident, IMY “only” issues a reprimand against the company.