Sara Susnjar writes:
The French data protection authority (CNIL) recently announced in its decision against Optical Center, a French retailer of eyewear and other optical products, that it was fined €50,000 for violations related to security and confidentiality of its customers’ personal data. The fine is based on the CNIL’s audit of the company’s processing activities.
Following a complaint, an initial audit was carried out demonstrating that the Optical Center did not secure (i) the homepage on which web users log into their online accounts nor (ii) the web page on which users change their passwords.
Read more on Winston & Strawn.