On May 7, 2010, the data protection authority of the German federal state of North Rhine-Westphalia imposed a fine of €120,000 on Deutsche Postbank AG for illegal disclosure of customers’ bank account transaction data. The bank unlawfully allowed approximately 4,000 self-employed agents to access information on more than a million customer accounts for sales purposes.

An October 2009 report by the German consumer protection magazine Stiftung Warentest led to an investigation which revealed that agents had been instructed to analyze customers’ account data prior to contacting them to offer new financial products. Deutsche Postbank, which acquires customers through Postbank Finanzberatung AG, was accused of having disclosed the account transaction data to Postbank Finanzberatung’s network of self-employed agents who had been asked to analyze certain customer account transactions. Technical measures were put in place to block agents from accessing the data as of November 2009.

View the DPA’s press release (in German).