The CNIL sanctioned the French Socialist Party because a security breach on its website has been noticed, which led to a data leakage of 10,000 members.
The breach has been discovered by the CNIL on 26th May 2016. According to some agents who led the study “The French Socialist Party didn’t have a good enough security measure”.
Many members of the French Socialist Party have seen their personal data revealed on the website: “CNIL’s controllers were able to freely access the website with the members followers”, said the Council. This act was possible by the agents only by writing the URL’s website. “They have been able to know about personal data like their surname, first name, email address, phone number, birthday, IP address, method of payment and the membership fee amount.”
According to the CNIL, the French Socialist Party has not respected two things. First, it didn’t look for the data security of its first-members, as it is requested in the 34th article regarding the informatics and liberty law. Secondly, it kept information in an illegal way for an undetermined time.
Since then, the Socialist Party took quick measures in order to solve these problems. The CNIL gave a lower penalty. There won’t be any fine.
Liane Meira Couto, IEJ 3E