As individuals, we are often asked to provide personal information in various situations, from filling out a form at the doctor's office to registering our children for school. It's important to know that when we share our data, it should only be for a specific purpose and that we have the right to have it deleted once that purpose is fulfilled.
Unfortunately, not all organizations are vigilant about keeping personal data safe and deleting it when it's no longer needed. The recent case of infogreffe.fr, a website that provides legal information about companies and offers official documents from commercial courts, highlights the importance of data protection.
After an investigation by the French data protection authority, CNIL, it was found that infogreffe.fr had kept the personal data of 25% of its members and subscribers, including bank details, last names, first names, addresses, and phone numbers, for longer than the planned retention period of 36 months.
Moreover, the website had several information security deficiencies, such as not requiring strong passwords when creating accounts and sending passwords that allowed access to unencrypted accounts via email.
This failure to delete unnecessary data and protect sensitive information resulted in a fine of 250,000 euros for infogreffe.fr, as well as public scrutiny.
The lesson here is clear: when it comes to personal data, organizations must be diligent about protecting it and deleting it when it's no longer needed. As individuals, we should also be aware of our rights to privacy and data protection and demand that organizations respect them.
Comments