Hertz France must pay €40 000 fine in new digital law

The car rental company Hertz has been hit with a €40 000 fine after personal details of 36 000 customers were found to be easily available online.

30 July 2017
By Connexion journalist

The fine is the first of its kind in France for this type of data breach, after a new law “for a digital Republic” came into force in November 2016.

Names, addresses, and driving license numbers of 35 357 people were found easily accessible on "www.cartereduction-hertz.com", a website owned by Hertz France, after investigations by the CNIL (The Commission on computing and freedom; La Commission de l'informatique et des libertés).

The breach was traced back to an error by an outside subcontractor, who had been developing the site, and accidentally left it open to access after a change in server. An accidental deletion of a line of code meant that the details were re-published publicly.

The CNIL issued the fine after finding that the company had failed to take all possible measures to safeguard the security of personal details of its users.

“This is the first time that a monetary sanction has been given for a violation in data, under the umbrella of the Law for a Digital Republic came into force in November 2016,” explained the CNIL in a statement to Le Figaro newspaper.

“Before this law, only a warning could have been issued in a case such as this.”

Resident or second-home owner in France?
Benefit from our daily digest of headlines and how-to's to help you make the most of life in France
By joining the newsletter, you agree to our Terms & Conditions and Privacy Policy
See more popular articles
The Connexion Help Guides
Brexit and Beyond for Britons in France*
Featured Help Guide
What the Brexit deal means for UK residents of France, second homeowners and visitors in 2021 and after
Get news, views and information from France