German Data Protection Authority Issues € 36,000 Fine Against Lidl for Collection of Employee Health Data

On August 19, 2009, the state DPA in North Rhine-Westphalia fined a subsidiary of the discount supermarket chain Lidl € 36,000 (approximately $51,000) for illegally keeping records of employee health data.

The case was triggered by a report in the German news magazine Der Spiegel.  A Bochum resident found papers and forms containing Lidl employees’ health data in a trash bin at a car wash and forwarded them to the magazine.  Subsequent investigations revealed that at least four Lidl branches in North Rhine-Westphalia were using a form to record data about employees’ medical conditions, partly without their knowledge.  This activity was found to violate data protection law in many cases.

Source: Privacy and Information Security Law Blog

This sounds like there was both a privacy breach and a security breach.

About the author: Dissent
