Social Security in Portugal Faces Potential Fine for Data Breach

The National Data Protection Commission (CNPD) is investigating the Portuguese Institute of Social Security (ISS) for an alleged data breach that occurred in June 2019. The incident involves the seizure of a USB drive from a staff member's office, containing sensitive information about individuals such as the head of the Judicial Police, intelligence agents, and the former Attorney General of the Republic. The failure to immediately notify the CNPD could result in a fine of up to ten million euros.

This incident underscores the importance of public institutions strictly adhering to legal obligations regarding personal data protection, including the immediate notification of breaches to the relevant authorities. Failure to comply with these duties may lead to significant financial penalties and damage public trust in entities responsible for handling sensitive data.

Check for more in: https://www.publico.pt/2025/02/10/sociedade/noticia/caso-pen-seguranca-social-arrisca-multa-nao-notificado-violacao-dados-2121906

#DataProtection #PrivacyBreach #Portugal #SocialSecurity #GDPRCompliance