COVID – The Cnil, French gendarme of personal data, announced this Thursday, October 14 that it had given notice to the young company Francetest, a site transmitting the results of Covid tests carried out in pharmacies to the government platform, for “insufficient security” of health data .
Two months to “do what is necessary”
“The Cnil found that the company had taken certain measures to address the vulnerability that caused the data breach. However, the Francetest service still has several shortcomings in terms of data security, ”said the regulator in a statement.
“Consequently, the president of the CNIL has decided to put the company on notice to take all the necessary measures to guarantee the security of the health data that it processes on behalf of hundreds of pharmacies. The company has two months to do what is necessary ”, he added.
Francetest is a company founded last January which specializes in the transfer of data from Covid tests carried out in pharmacies to the government platform SI-DEP.
300 pharmacies concerned
The SI-DEP (screening information system) is a secure platform where the results of Covid-19 tests are systematically recorded in order to “ensure that all positive cases are well taken care of” and to identify cases contacts, explains the Ministry of Health on its site.
Result: many pharmacists use intermediaries to enter the results of the tests carried out in the SI-DEP. Francetest thus charges one euro per transmission, according to the information site Mediapart, which revealed the data breach.
“The Francetest company is a subcontractor of hundreds of pharmacies responsible for the operational performance of antigenic tests, the Cnil has sent a letter to more than 300 pharmacies concerned”, she further indicated, so that they can check their compliance. the General Data Protection Regulation (GDPR) and the security obligation.
See also on Then24: Why Covid Tests Will Pay From October 15