COMMISSIONER
FOR INFORMATION OF PUBLIC IMPORTANCE
AND PERSONAL DATA PROTECTION

logo novi

COMMISSIONER
FOR INFORMATION OF PUBLIC IMPORTANCE
AND PERSONAL DATA PROTECTION

logo novi

COMMISSIONER
FOR INFORMATION OF PUBLIC IMPORTANCE AND PERSONAL DATA PROTECTION

Press Releases - Archive

The Commissioner for Information of Public Importance and Personal Data Protection has initiated the surveillance procedure over the implementation of the Personal Data Protection Act in the Republic Healhtcare Insurance Fund (RHIF).

The immediate cause for the institution of proceedings was the emergence of personal data of a minor Fund insuree and her Legal Representative in the public, first on Twitter social network, posted by M. Rističević, member of the RHIF Managing Board, and then in the debate of political opponents in the National Assembly, and thereafter they have been disclosed to the broadest general public.

The Commissioner asked, starting from the position that personal data processing is in general non-permissible if performed without a valid basis, or for the purpose for which it has not been envisaged, and asked the RHIF, to take stand among else, regarding the following issues:

- if the personal data of the insured person are otherwise available to the members of the RHIF Managing Board, based on which legal grounds and for which purpose;

- if, in the specific case, they have been made available to the member of the Managing Board who published them, based on which grounds and for what purpose;

- if the quoted member of the Managing Board has published the personal data on behalf of RHIF, and based on what legal grounds.

The Commissioner shall, as usual, after completing the surveillance procedure inform the public about the results and measures he shall undertake. The Commissioner evaluates that this specific case, as well as the other similar ones, could also deserve attention of the other authorities in charge, reminding that the Criminal Code provides that one "who without authorization acquires, discloses to another or uses the personal data which are collected, processed and used based on the law, for the purpose for which they have not been intended" shall be punished with a fine or imprisonment, and "if that act is committed by an official in discharge of duty" that person shall be punished with imprisonment up to three years.

 

 

Archive

Портал отворених података