Blog > Data protection and RGPD | Legal consulting

The carelessness in custody of data, supposes considerable losses to companies

by Edorteam | 8 Jan, 2020

The RTVE case

The loss of 6 unencrypted pendrives by the RTVE employee pension plan manager has resulted in a € 60,000 fine from the AEPD.

This security breach, caused by human oversight, was reported on January 25, 2019 by the Data Protection Officer (DPD) himself, as required in these situations.

These devices were without any protection inside a small purse. The data contained belonged to approximately 11,000 people and included data of identification type, personal circumstances, employment details, union membership, health data and criminal offenses or convictions, if any.

As for the number of affected, it is very high since the data of participants in the pension plan dates back to the start date of this in 1995, and the data of the RTVE Census are of all the employees of this, being many of them you also participate in the Pension Plan.

You can consult the resolution of the sanctioning procedure in question at the following link:
https://www.aepd.es/resoluciones/PS-00305-2019_ORI.pdf

The Ambar case

Last November, the news broke that the Ágora brewery in which the Ámbar brand is integrated was a victim of ransomware software in which data from the logistics and commercial section was hijacked.
This attack, which does not have to have been directed directly at the company itself, is the most common way that a company can find itself totally helpless.

Today companies have a large part and dependence on their computer systems, but it seems that care is not taken or given the value that this fundamental part of the production process deserves.

It is very important that the IT service that we have contracted, whether internal or external, implements the preventive and containment measures necessary to avoid these situations.

Could your business recover from one of these mishaps?

Our conclusions:

This sanctioning procedure has turned out to be a serious problem for RTVE due to the loss of such a volatile item, such as a small wallet containing 6 USB drives. We quote below an excerpt from the linked document:

“The reasons on which the claim is based are that there has been a security breach after the disappearance of removable devices unencrypted from the Office of Attention to the Participant of the Pension Plan (hereinafter OPP) in the Building of Corporación RTVE (hereinafter RTVE) in Prado del Rey, which contained personal data. “

If the necessary measures and fundamental to prevent access to this personal data, the DPO, would not have been forced to initiate the complaint procedures as indicated in the article 33 , before the Data Protection Agency, with the damage that has finally caused them.

Of having used the encryption system, ET-Encrypt included in ET-Security , the loss of these USB devices would not have been necessary to notify the data protection agency and those affected by this security breach, as established in the article 34 of this same law.

This fact would not prevent that if it were the only existing copy of those data, they would have been lost forever. A basic pillar of computing is to have a copy of all data assured.

To safeguard the data in these cases, we have our document management service GDocumentary . It provides both the functionality of storing the data and the possibility of being able to retrieve it at any time. Regardless of our location, we will be able to retrieve and contribute data to document management.

If we do not want to have remote access to the documentation at any time, it is important to note that we must guarantee the durability of the data with which we work. Therefore, our backup system ET-Backup , allows data to be safeguarded in a safe environment, external to our organization and without loss of data in the event of a system failure or external intrusion.

All these services are offered from national territory and within the EU, thus meeting all the requirements of the LOPD and RGPD.

We also want to note that given the fragility of removable USB devices (susceptible to being hit in a more direct way), it is not the best medium to store data of this level of importance.

More information:
– ET-Security
– GDocumentary
– ET-Backup Online

Request information

Categorías del blog

A protocol for the prevention of sexual harassment in the workplace is mandatory for all companies

27 Jun, 2022 | Equality plans, Legal consulting

As we have explained in recent months, since last March all companies with more than 50 employees must have approved their Equality Plans, a set of measures aimed at ensuring effective equality between women and men in the workplace. But what about smaller companies,...

Equality Plans are now mandatory if you have more than 50 employees in your business.

25 Mar, 2022 | Equality plans, Legal consulting

On March 7, 2021, all companies with more than 50 employees are required to have Equality Plans in force and approved in accordance with the regulations. Royal Decree 901/2020 introduced this regulation and, in the first instance, companies with more than 100...

More and more legal obligations for your company

6 Mar, 2022 | Legal consulting

Keeping your company's regulatory compliance under control is becoming increasingly complex, as in recent years there have been constant changes in the legal framework, both at state and European level: Personal data protection Obligation of preventive cybersecurity...

11 Comments

Eskarne Carretero on 6 de March de 2023 at 04:36

¿Y si en vez de culpar a las empresas, responsabilizamos a los empleados descuidados? 🤔
Reply
Darío Hidalgo on 19 de May de 2023 at 23:33

¿Por qué las empresas no protegen mejor su información importante? ¡Es un desastre total!
Reply
Raico Molero on 11 de June de 2023 at 05:41

¿Cómo pueden las empresas mejorar la seguridad de sus datos? ¡Necesitamos soluciones ya! 🤔🔒
Reply
Cirilo Puerto on 8 de July de 2023 at 15:01

¿Realmente hacemos lo suficiente para proteger la información empresarial? ¿Qué opinan? 🤔
Reply
- Domingo on 8 de July de 2023 at 16:01
  
  ¡Claro que no! La mayoría de las empresas no toman en serio la protección de su información. Es hora de invertir en seguridad cibernética y concienciar a todos los empleados sobre la importancia de mantener seguros los datos de la empresa. ¡No esperemos a que sea demasiado tarde! 🛡️🔒
  Reply
Amor on 10 de October de 2023 at 22:56

¿Cómo pueden las empresas proteger mejor sus datos ante descuidos como estos? 🤔
Reply
- Alano on 11 de October de 2023 at 00:56
  
  Las empresas deben invertir en capacitación continua para su personal, implementar políticas estrictas de seguridad de datos y utilizar tecnología avanzada de protección. La negligencia no tiene cabida en un mundo donde la privacidad es crucial. La responsabilidad recae en quienes manejan la información. ¡No hay excusas!
  Reply
Panya Lorente on 4 de December de 2023 at 13:39

¿Cómo es posible que sigan descuidando la seguridad de los datos en pleno 2021?
Reply
- Faye on 4 de December de 2023 at 15:39
  
  Lamentablemente, parece que la seguridad de datos sigue siendo una asignatura pendiente para muchas empresas. Es fundamental que se tomen medidas urgentes y se invierta en proteger la información de los usuarios. ¡Es inaceptable seguir descuidando este aspecto en pleno 2021!
  Reply
Claribel Nevado on 11 de December de 2023 at 04:10

¡Increíble cómo siguen descuidando la seguridad de los datos en pleno siglo XXI! 🤦‍♂️
Reply
- Joaquín on 11 de December de 2023 at 10:10
  
  ¡Siempre buscando algo de qué quejarse! En vez de criticar, ¿por qué no propones soluciones constructivas? Todos somos responsables de nuestra seguridad en línea. ¡Actúa en lugar de solo lamentarte! 💪🏼🔒 #SeguridadEnLínea #ResponsabilidadPersonal
  Reply