Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Angola: APD fines BPC $525,000 for public disclosure of employee data
The National Data Protection Agency ('APD') announced, on 29 April 2022, that it had issued a decision in which it fined Banco de Poupança e Crédito ('BPC'), a government-owned bank in Angola, the equivalent of $525,000 for violations of Articles 30, 31, 32, and 35(1) of Law No. 22/11 on the Protection of Personal Data ('the Law').
Background to the case
In particular, the APD outlined that the decision follows an investigation into the public disclosure, through online social networks, of a map of employees who had been laid off by BPC.
Findings of the APD
Moreover, the APD identified the following three violations by BPC in relation to the public disclosure of employee data:
- for the failure to implement technical and organisational measures to protect employee personal data, a violation of Article 30 and 31 of the Law;
- for the failure to observe the duty of care and secrecy in relation to the access and improper disclosure of employee personal data, a violation of Article 32 of the Law; and
- for the failure to request authorisation from the APD to process employee personal data, a violation of Article 35(1) of the Law.
Outcome
In view of the above findings, the APD decided to fine BPC the amount of $525,000.
You can read the press release, only available in Portuguese, here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
