On July 3, 2013, the French data protection authority (“CNIL”) released its decision in a case against PS Consulting, imposing a fine of €10,000 on the information systems consulting company for violations related to the operation of its CCTV system.
On April 13, 2012, the CNIL served a formal notice on PS Consulting, ordering it to cease its non-compliant activities within one month. PS Consulting made representations indicating that it would comply, but when the CNIL conducted on-the-spot inspections in October and December 2012, it found that PS Consulting had not honored those commitments and imposed a €10,000 fine.
In its decision, the CNIL noted that PS Consulting had permanent cameras installed to film employees continuously and did not individually inform the employees about the recording and their data protection rights, prior to implementing the CCTV system. The CNIL further concluded that job applicants also should have been informed of the CCTV system.
The CNIL also determined that PS Consulting had failed to implement appropriate security measures with respect to passwords by permitting employees to use simple and short passwords (only 5 characters), and by not requiring employees to change their passwords on a regular basis.