Daily DashboardEuropean Data Protection Digest

DPA Issues €200K Fine for Access, Profiling

FINANCIAL PRIVACY—GERMANY

November 24, 2010

The German Data Protection Authority (DPA) has issued a €200,000 fine to the financial institution Hamburger Sparkasse AG for allowing customer representatives access to customers' bank data and for profiling its customers, reports the Hunton & Williams Privacy and Information Security Law Blog. The bank reportedly allowed self-employed, mobile customer service representatives to access customer data, often without consent, and created character profiles on customers based on neurological research and customer data such as socio-demographic data and product usage, including direct deposit accounts and the number of transactions. The DPA said that the bank quickly amended its procedures and cooperated with its investigation.
Full Story