Ispra, 29 march 2017
Union Syndicale Ispra
Dear Director Garcia Ferreiro, In referenced to your note (ref. Ares 2017 1190805 date 07/03/2017) that many colleagues have received as paper version by mail, Union Syndicale Ispra (USI) would like to bring to your attention the following concerns that have arisen from its worrying content. Within the above mentioned letter, you mention that several sensitive documents in custody of the Ispra Medical Service went lost. You mention as well that "breach of confidentiality" on medical data is possible affecting several colleagues. We would like to understand better the situation and in particular the following: How many colleagues were affected Which kind of documents went lost (certificates, medical reports, medical exams result, other confidential documents) Are the colleagues affected correctly informed about the exact list of their lost documents? Otherwise they cannot assess their risks on confidentiality and of malicious use What does the loss of documents exactly mean: e.g. removal of dossiers from the security room, lost during transport to destinations outside of the offices of the medical service…… Who was the person accountable for the data protection of these documents and who was responsible to put in place the security measures What were the security measures put in place to safeguard the confidentiality and integrity of the original documents and of the copies Which persons had access to those data (physically and electronically) Which external companies (if any) have access to the data and which contracts/SLA were in place to safeguard confidentiality How the breach could have been happened Which are the measures taken to assess what happened and the results obtained, as well as the action plan decided to avoid similar issues in the future Which are the damages to people affected, in term of reputational, financial loss and how these people have been informed of their rights? Moreover the message "you do not need to take any action" might be considered not exactly politically correct towards the personnel, as it may go against the right of individuals stipulated into the Data Protection applicable laws both at European level and at Italian level. We would like also to receive access to the Ares note referenced, as people have received only a paper copy of the file, thus missing the remaining parts (if any) of the dossier referenced. Finally, USI would like therefore to kindly receive your answer, as soon as possible, in order to clear the above mentioned worries. Kind regards, Monica G.L. Ermolli President of Union Syndicale Ispra&Seville
Union Syndicale Ispra JRC - European Commission,TP 630, I-21020 Ispra (VA) Tél: +39 0332 789031, Fax: +39 0332 789729, Email:
[email protected], WWW: www.usis.eu