DPA Issues €200K Fine for Access, Profiling
FINANCIAL PRIVACY—GERMANYNovember 24, 2010
The German Data Protection Authority (DPA) has issued a €200,000 fine to the financial institution Hamburger Sparkasse AG for allowing customer representatives access to customers' bank data and for profiling its customers, reports the Hunton & Williams Privacy and Information Security Law Blog. The bank reportedly allowed self-employed, mobile customer service representatives to access customer data, often without consent, and created character profiles on customers based on neurological research and customer data such as socio-demographic data and product usage, including direct deposit accounts and the number of transactions. The DPA said that the bank quickly amended its procedures and cooperated with its investigation.