Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Rhineland-Palatinate: LfDI Rheinland-Pfalz highlights several data protection cases from 2023 and 2024
On September 4, 2024, the Rhineland-Palatinate data protection authority (LfDI Rheinland-Pfalz) published a press release covering the press conference entitled 'Best of Data Protection' and outlining several data protection cases from 2023 and 2024 covered during the conference.
The LfDI Rheinland-Pfalz listed the following cases, among other things:
- failure to remove the personal data of a previous customer (including Facebook and Instagram accounts) from virtual reality glasses before reselling them to a new customer;
- conducting a consultation call at the public counter by a bank advisor, leading to sensitive information on the assets and life plans of a customer being disclosed to unauthorized parties;
- changing the practice of requiring to present a maternity record to the youth welfare office to recognize paternity; and
- due to a technical error, several pieces of information on a gas station robbery were visible on a police website.
Furthermore, the LfDI Rheinland-Pfalz provided an update on the status of the audits of IT security in Rhineland-Palatinate health authorities, confirming various data protection-related vulnerabilities, such as:
- the absence of a data protection-compliant logging function and necessary support for adequate encryption of the databases;
- not sufficiently observing the principle of data protection-friendly default settings; and
- not meeting legal requirements in data protection management.
Lastly, the LfDI Rheinland-Pfalz issued concrete recommendations to the responsible Ministry of Science and Health on the digitization of the public health service in Rhineland-Palatinate.
You can read the press release here and the recommendations here, both only available in German.