On December 29, 2014, the Commissioner for Data Protection and Freedom of Information of the German state Rhineland-Palatinate issued a press release stating that it imposed a fine of €1,300,000 on the insurance group Debeka. According to the Commissioner, Debeka was fined due to its lack of internal controls and its violations of data protection law. Debeka sales representatives allegedly bribed public sector employees during the eighties and nineties to obtain address data of employees who were on path to become civil servants. Debeka purportedly wanted this address data to market insurance contracts to these employees. The Commissioner asserted that the action against Debeka is intended to emphasize that companies must handle personal data in a compliant manner. The fine was accepted by Debeka to avoid lengthy court proceedings.
In addition to the monetary fine, the Commissioner imposed obligations on Debeka with respect to its data protection processes and procedures, including a requirement that Debeka’s employees obtain written consent from customers to collect their addresses. The insurance group also has appointed 26 data protection officers. The public prosecutor has initiated criminal proceedings against Debeka in this matter and those proceedings are ongoing.