The European Article 29 Working Party published its findings on the coordinated audit of the health insurance sector by the European national DPAs.
For the first time in history, the European DPAs joined forces to conduct a cross-national data protection audit of one specific business sector. Although the national DPAs will follow up further on compliance insufficiencies, the audit also served as a test case to refine the audit methodology for future actions. The report contains the following interesting highlights:
- Information security measures, data retention and data economy will gain attention in future audits;
- The Working Party announced potential collaboration with other international authorities or organizations, such as the Federal Trade Commission, Organization for Economic Cooperation and Development, APEC, etc.;
- While this audit was based on a questionnaire sent to health insurers, random checks will be conducted in the future.
The Working Party did not reveal which business sectors may be audited next, but sectors that process significant amounts of sensitive personal information, or that process personal information as a main service activity (or a part thereof), are high on the Working Party's audit list.
— Jan Dhont