Today, Hennes & Mauritz Retail Private Limited (collectively referred to as “H&M” or “We”) needs no introduction. It was founded in 1947 and has grown into one of the world’s leading fashion companies. For a giant fashion retailer, customer and employee security must be the main concern of the organization. Recently, H&M was found to be allegedly spying on its customer service representatives in Germany. The German privacy watchdog recently conducted an investigation, and the Swedish clothing retailer was found to be involved in massive data protection breaches. A hard drive containing around 60 GB explained the whole matter. The drive contained very personal information about the employees and was obtained by law enforcement officials from the site.
Privacy concerns of H&M
Such firms understand the importance of protecting the privacy of their customers and employees. It is a major responsibility of such firms to safeguard the privacy of sensitive personal data or information. Such information about their current and former employees is collected, received, used, possessed, recorded, stored, transferred, dealt with, handled, and disclosed as the organization’s needs require, for the management and administration of employment and post-employment matters. These privacy practices are in complete accordance with the Information Technology Act, 2000 and the Information Technology (Reasonable security practices and procedures, and sensitive personal data or information) Rules, 2011 made under the IT Act. The scope and applicability of the current privacy policy are wide. The current Privacy Policy is effective from 1st August 2017 and applies to H&M and to employees, including temporary, permanent, and part-time employees, all job applicants, staff, interns, and contract/retiring/contingent employees whose sensitive personal data or information has been given to H&M. The information contained details about their employees too.
What actually happened?
Hamburg’s data protection team found the German unit of H&M to be the culprit. It was unlawfully collecting and storing personal information about employees, including details of their illnesses. Data protection watchdog teams found a hard drive from the site containing around 60 GB of very personal information on the employees. The drive contained systematic and detailed records on employees’ health, from simple bladder weakness to more serious issues such as cancer. It also revealed information about their private lives, even holiday experiences and family disputes.
Reactions from the world
According to Frankfurter Allgemeine Zeitung and Johannes Caspar, the records were easily accessible to all company managers. This level of access implies that the employees were being comprehensively spied on. Spying of this kind is completely unparalleled in recent years. A responsible H&M official expressed his honest regret about the data breach incident. Managers said that the company is taking this case “very seriously.” The firm has taken a number of measures in response to the incident. As per reports, H&M is fully cooperating with the data protection officials.
What next?
As per the Hamburg data protection officer, possible fines for H&M would be decided in the coming weeks.
Types of sensitive personal data or information H&M collects of their employees:
Sensitive information is defined as information that can uniquely identify an individual. Under its privacy policy, H&M collects the following information:
a) name, number, DOB, email id, gender, permanent address, marital status, any government-issued identity/ age proof, emergency contacts of relatives
b) Nationality, photographs, and passport information
c) financial information such as taxpayer identification number, bank account or other payment instrument details
d) work history, technical and educational skills, languages known, professional certifications and registrations, training courses attended
e) all types of information captured on security systems, like CCTV and key card entry systems;
f) e-mails, passwords, voicemails, correspondence, and other work product and communications created, stored or transmitted by an employee using H&M’s computer or other communications equipment;
g) resignation date and reason, performance assessment and appraisal, if any
h) criminal background checks and screening.
Employees are aware of the fact that:
a) personal data or information is being collected;
b) the purpose of the data collection;
c) final intended recipients of the information; and
d) name and address of the agency/third party that is collecting the data or information and retaining all the information.
Most of the Sensitive Personal Data or Information is willfully and knowingly provided to the firm by the employee. However, in some instances, the firm collects Sensitive Data about employees based on its inferences about them, drawn from other information provided in their interactions or with the help of a third party. So all of the information mentioned above was probed by H&M. The organization will surely have to pay for this illegal examination of its own employees.