Una compañía de seguros envió datos confidenciales por correo electrónico que no estaba protegido

The background to the decision includes the fact that If has sent sensitive personal data via e-mail without adequate safety measures. If used encryption in transit, but the e-mail was not encrypted the entire time from sender to recipient (so-called end-to-end encryption).

After the incident, If has improved its safety standards where the insurance company has developed and launched a new way of communicating with their customers. Thus, the customers can access messages under “My profile”, which requires safe log-in with Swedish BankID (a two-step authentication).

Due to the safety measures taken after the incident, IMY “only” issues a reprimand against the company.

Source: https://www.imy.se/tillsyner/if-skadeforsakring-ab/