07/05/18 CNIL- Conviction for Optical Center : 250K€

Control online and then on the spot.

Security requirement: Default when placing online orders on its website: access to hundreds of customer invoices containing personal data (surname, first name, postal address, health data and sometimes date of birth and social security numbers).

Sanction: 250K€ despite the active collaboration of Optical Center to solve the flaw, because: the restriction of access to documents present on the personal spaces is a precaution of essential use; the company knew the risks of computer security, having already been condemned in 2015 (to 50K €).

Publication of the decision: because the data made available were particularly sensitive and numerous (334,769 documents) ant the number of customers affected important.