The French Data Protection Authority (the “CNIL”) was not in a festive mood when right after Christmas, on the 27th of December, announced and imposed the fine of €250,000 to French telecom operator Bouygues Telecom after they failed to protect their customers‘ personal data.
Personal data of customers was compromised when due to the security vulnerability and the human mistake. According to the Lexology, the computer code, which requires user authentication on the company’s website, had been deactivated during a test phase but not re-activated once the tests were completed. Documents containing customers’ personal data were accessible for anyone. The company quickly blocked the data from improper access, but it took 4 days for Bouygues Telecom notice, identify and report the infringement.
LEARNING TIP: Human error causes 4 out of 5 data breaches (in UK). Lack of training, unclear responsibilities or improdence, can give rise to error (confidential data emailed to the incorrect recipient, loss or theft of paperwork, data left in an insecure location and others). In order to avoid possible human errors, clear directions should be given to each employee about their responsibilities. Also, training should take a place after addapting new technical or organizational security measure. Emploees must be well informed how to recognise a threat and what to do in case of an accident.