The Privacy and Information Security Law Blog reports that earlier this month, the state DPA in North Rhine-Westphalia fined a subsidiary of the discount supermarket chain Lidl € 36,000 (approximately $51,000) for illegally keeping records of employee health data. To compound the employee privacy breach with a security breach, it seems that the case was…