Blog

Posted on

The Agenzia delle entrate possible data-breach and the Italian Data Protection Authority’s reaction

According to Il Sole24 Ore (the Italian financial daily newspaper), the Agenzia delle entrate (the public body entitled to the processing of Italian citizen’s tax information – about 20 billion, says the newspaper) has been shut down because of a bug allowing unrestricted access to those tax related information.

This is a clear infringement of the data protection by design and by default rule, as well as evidence that a poor security check has been done before opening the server to the Internet. But the Italian Data Protection Authority, instead of starting an investigation, just “asked for information”, a rather odd behaviour if compared to the attitude showed by the Authority toward the private sector.

I wonder if the DPA will use the very same light approach when a similar – and maybe less threatening – even should happen to some non public entity.

Posted on

A CRISPR-Cas9 Research and the GDPR. A case-study

Personal genetic data processing is routinely believed to be subjected to Data Protection Regulations and in particular to the EU General Data Protection Regulation. While this is – in general – true, it is important to know exactly when and until where those regulation can affect the genetic research and – therefore – the possibility to find a cure for genetic diseases. Clearly, an actual life-or-death problem. Continue reading “A CRISPR-Cas9 Research and the GDPR. A case-study”