The Agenzia delle entrate possible data-breach and the Italian Data Protection Authority’s reaction

According to Il Sole24 Ore (the Italian financial daily newspaper), the Agenzia delle entrate (the public body entitled to the processing of Italian citizen’s tax information – about 20 billion, says the newspaper) has been shut down because of a bug allowing unrestricted access to those tax related information.

This is a clear infringement of the data protection by design and by default rule, as well as evidence that a poor security check has been done before opening the server to the Internet. But the Italian Data Protection Authority, instead of starting an investigation, just “asked for information”, a rather odd behaviour if compared to the attitude showed by the Authority toward the private sector.

I wonder if the DPA will use the very same light approach when a similar – and maybe less threatening – even should happen to some non public entity.

Leave a Reply

Your email address will not be published. Required fields are marked *