What actually happened?
Hamburg’s data protection team found the German unit of H&M as the culprit. They were unlawfully collecting and storing personal information about employees, including their illness details. Data protection watchdog teams found a hard drive containing around 60 GB of very personal information on the employees from the site. The drive consists of data that contained systematic and detailed records on employees’ health, from simple bladder weakness to higher cancer issues. It also revealed information about their private lives, even of holiday experiences and family disputes. Reactions from the world According to Frankfurter Allgemeine Zeitung, Johannes Caspar, the records were easily accessible to all company managers. This access permission implies that the employees were being comprehensively spied on. This way of spying is completely unparalleled in recent years. An answerable official from H&M expressed his honest regret about the data breach incident. Managers said that the company is pursuing this case as “very seriously.” The firm has taken a number of measures in response to the incident. As per reports, H&M is fully cooperating with the data protection officials. What next? As per the Hamburg data protection officer, possible fines for H&M would be decided in the coming weeks.
Types of sensitive personal data or information H&M collects of their employees:
a) name, number, DOB, email id, gender, permanent address, marital status, any government-issued identity/ age proof, emergency contacts of relatives
b) Nationality, photographs, and passport information
c) financial information such as taxpayer identification number, bank account or other payment instrument details
d) work history, technical and educational skills, languages known, professional certifications and registrations, training courses attended
e) All types of information captured on security systems, like CCTV and key card entry systems;
f) e-mails, password, voicemails, correspondence, and other work product and communications created, stored or transmitted by an employee using H&M’s computer or other communications’ equipment;
g) resignation date and reason, performance assessment and an appraisal if any
h) criminal background checks and screening.
Employees are aware of the fact that:
a) Personal data information is being collected;
b) what is the purpose of the data collection;
c) final intended recipients of the information; and
d) name and address of the agency/third party that is collecting the data or information and retaining all the information.
Most of the Sensitive Personal Data or Information is willfully and knowingly provided to the firm by the employer. However, in some instances, they collect Sensitive Data about employees, based on their inferences about You, from other information provided on our interactions or with the help of any third party. So this whole mentioned information was probed by H&M. The organization will have to surely pay for this illegal examination over its own employees.