On January 11, 2010, the data protection authority of the German federal state of Baden-Wurtemberg issued a press release stating that it had fined the Müller Group €137,500 for illegal retention of health-related data and failure to appoint a Data Protection Officer.
In April 2009, the German press reported that the Müller Group, a drugstore chain comprised of twelve entities and employing some 20,000 workers, was illegally collecting health data from its employees. Specifically, employees returning from sick leave were required to complete a form and provide the reason for their sicknesses. After conducting an investigation, the DPA confirmed these allegations. Since 2006, the Müller Group entities had systematically requested employees returning from sick leave to identify the reasons for their sicknesses on a form that was then sent to the Group’s central Human Resources department to be scanned. As of April 2009, approximately 24,000 records containing data on employee illnesses were being stored in Müller’s centralized HR files.
Read more on the Privacy and Information Security Law Blog.