Disclosure of patient’s mental health status and treatment results in strong response by Serbia’s Commissioner of Information of Public Importance and Personal Data Protection

Marko Popovic and Bogdan Ivaniševic of BDK Advokati write:

In December 2015, a journalist disclosed one patient’s health data in a TV show. The data were related to the patient’s mental health and his treatment in the mental health clinic “Dr Laza Lazarevic”, in Belgrade. The Serbian Commissioner for Information of Public Importance and Personal Data Protection (“Commissioner”) promptly established that the clinic disclosed the data to the Ministry of Health which, in turn, made the data available to the Ministry of Interior. On 23 December 2015, the Commissioner issued a warning to the clinic and the Ministry of Health because of the blatant violation of the patient’s right to privacy and protection of personal data. The Commissioner did not establish who disclosed the data to the journalist.

Read more on BDK. Seriously, read more. It’s impressive how seriously the Commissioner took this breach – to the step of filing misdemeanor and criminal complaints.

Revealed: Afghan data breach after MoD official left laptop open on train
Canada says hacktivists breached water and energy facilities
UK: FCA fines former employee of Virgin Media O2 for data protection breach
The 4TB time bomb: when EY's cloud went public (and what it taught us)
China Amends Cybersecurity Law and Incident Reporting Regime to Address AI and Infrastructure Risks
Alan Turing institute launches new mission to protect UK from cyber-attacks

Related: