INTEC is facing a fine of between 40,001 and 300,000 Euros

The data protection legislation is very clear about safety information, considered as "serious" to keep the personal data files without the necessary security measures and is enshrined in Article 9 of the Organic Law Protection of Information (Act), an article which is called "principle of data security," which imposes the obligation, in this case INTECO, to take the necessary technical and organizational guarantee the security of the data, taking such measures order to prevent unauthorized access to data by third parties does not suffice simply further taking any action because, as noted by the High Court must be necessary to ensure the objectives set in the precept and that they are in place and put effectively implemented.

Clearly, if it has leaked online a computer file with more than 20000 records with personal information, security measures taken by the INTECO do not meet the minimum required by the Act which imposes an obligation of result: prevent access unauthorized.

Violating this rule, as stated, is considered a serious offense whose penalty fine between 40,001 and 300,000 euros. Specifically, Article 9.2 of the Data Protection Act states:

"Do not record personal data in files that do not meet the conditions determined by regulation with respect to their integrity and security and treatment centers, buildings, equipment, systems and programs."

ePrivacidad are aware that to date, the penalty imposed by the highest Spanish Agency for Data Protection issues related to information security rests with the television producer of Big Brother, having been enacted some years ago with a fined just over one million euros.