The English seems a bit awkward, but the message seems clear. It seems like it took this incident over seven years to get to Spain’s Supreme Court.
The Supreme Court confirms a penalty of 361,208 euros on Iberia for losing passengers’ personal data
The Supreme Court has confirmed a penalty of 361,208 euros Iberia imposed by the Spanish Agency for Data Protection (AEDP) for losing a few documents including personal data of passengers in the vicinity of the airport of El Prat de Barcelona, according to the ruling on March 17.
The ruling dismisses the appeal filed by the company to consider its contents “merely reproduces literally full and the facts contained in the application” without stating “the grounds on which the party bases its procedural posture against acts claims” .
The Sixth Section of the Division of Administrative Litigation and the Supreme Court rejected the appeal presented by Iberia against the ruling of 16 March 2006 by the National Court, whose decision has upheld the sanction imposed by the AEPD 8 July 2004. The company has also been ordered to pay 3,000 euros in costs.
[…]
The High Court ratified the three Iberia sanctions for breaking the Act on Data Protection (LOPD). The company was sanctioned with 601 euros for a minor offence, with 60,101 euros for a serious offence and 300,506 euros for very serious offences against the Act..
The Supreme concludes that Iberia was responsible for the data and, as such, did not apply the necessary security measures established by regulation that are mandatory for personnel who have access to passenger information.
The decision also concluded that the company was allowed to assign the data to others. The events date back to August 2002, when various documents appeared in the vicinity of the airport of El Prat de Barcelona with personal data of passengers.
Read more in the Barcelona Reporter.