As reported by the law.pl portal, there was a mistaken situation at the Social Insurance Institution, as a result of which the Social Insurance Institution sent PIT 11a to incorrect residential addresses. The culprit is an IT system that pulled the information from an old database.
It is difficult to assess the scale of the mistake. The Social Security Administration itself confirms that it is analyzing about 300 cases of misaddressed mail. Above that, the Social Insurance Institution said it is conducting a detailed investigation to be able to confirm unequivocally whether there has been a breach of data protection.
The data that was mistakenly sent out in many cases includes not only the first and last name, but also the home address, PESEL number and the amount of sickness benefit paid.
This violation of data protection procedures can have its financial consequences in the form of a fine imposed by the President of the DPA.
Thus, the Social Insurance Institution has to reckon with a penalty, which the President of the Office of Personal Data Protection (UODO) may impose on it in the amount of up to PLN 100,000,” Maciej Gawronski, legal counsel, managing partner at Gawronski & Partners law firm, tells Law.pl. As mec. Gawronski stresses, the PESEL number provided in the PIT-11 can be a problem in particular, as it can be used for identity theft. – A shortcoming of our system is that once assigned, the PESEL number is not subject to change. There is no possibility of replacing it,” notes attorney Maciej Gawronski. He adds, ZUS must probably now write letters informing people of the leak of their data, but the people themselves should also increase their caution for at least the next year.
We encourage you to read the entire article on law.pl