T 2.166 Breach of confidentiality regarding the processing of personal data

Data secrecy, i.e. the protection of personal data, is breached if persons having access to personal data process such data in an unauthorised manner. The obligation to maintain data secrecy is also applicable after the activity is completed. Often, such violations are caused by a lack of knowledge regarding the applicable data protection provisions on part of the compilers, who were improperly informed or not committed to data protection at the time they started their work.

Data secrecy may be violated by not deleting or by forging stored personal data, by forwarding address files to advertising companies, by forwarding personal data within a government agency or the company without any official inducement, by viewing personnel data without authorisation, by creating inadmissible analyses, by using official data for private purposes (e.g. an employee of a bank disclosing the solvency information of a neighbour in the private environment).

Examples:

• An employee of the telecommunications company uses his/her official authorisation to clarify the solvency of customers in order to retrieve data about an unpopular neighbour from the credit investigation company or other credit reporting agencies and to disclose this data to relatives or acquaintances.
• A receptionist at a hotel discloses the registration data of famous guests to the media in order to generate some extra income.
• An administrator of a municipal administration accidentally found the confidential address of a single mother during his/her work concerning the residents register files and provides an acquaintance from the sports club with this information, who was deprived of his right to child custody because he threatened the mother and her child and who is not allowed to have any contact.