At the beginning of last year the German Government introduced ELENA – the Elektronischer Entgeltnachweis.
Put simply, since then employers have had to report information about their employees to a central database, such as how much their earn, the number of days holiday that they took and whether they went on strike. The form is about three pages long, per employee, per month.
The whole system was criticised for collecting too much data about everyone, without it being strictly necessary. Under the old system, much of the information was only required when applying for benefits, most notably unemployment benefit, at which point the company had to fill out a form (4 pages long if I remember correctly) about their former employee.
If someone had worked for more than one company within a certain amount of time, then all their previous employers had to fill one out.
With ELENA, the data would be collected month for month, meaning that the unemployment office would be able to access it without bothering or even waiting for the employers.
Except, of course, there were problems. Who could guarantee that the data would not be used for any other purpose? How would the unemployment offices be able to access the data of just one person, and only with their permission?
And, of course, it meant a lot more work for every employer every month of the year.
Due to all of these problems and criticism, and new law was introduced to the Bundestag to scrap ELENA. However having been approved, it still did not make its way onto the German statute book until 3rd December, so between July and November employers have been sending in the data, knowing that it would not be used, but not wanting to risk a fine for not doing so.
So what, you may ask, did the German Government do with all the data that had been collected?
Did they keep it to use in the manner that had been intended? Or did they delete it?
The answer is: neither! Instead, they destroyed the encryption key that is needed to access the data. The data itself is to be deleted over the next few weeks.
Which begs the question: if the key is destroyed, how is the data going to be deleted without wiping the entire database on which it resides?
… and what happens to the backups?