On November 23, 2010, the data protection authority (the “DPA”) of the German federal state of Hamburg fined regional financial institution Hamburger Sparkasse AG (“Haspa”) €200,000 for illegally allowing its customer service representatives access to customers’ bank data, and for profiling its customers and also granting the representatives access to such profiles. The bank cooperated with the DPA and immediately discontinued the illegal practices.

From the end of 2005 until August 2010, Haspa allowed its self-employed, external customer service representatives access to customer bank data, often without having first obtained the customers’ consent. According to the DPA, the number of bank accounts accessed is not clear. The bank was aware of this practice through reviews of log files that detailed the representatives’ access.Continue Reading Hamburg DPA Files Bank €200,000 For Accessing Customer Data and Customer Profiling