In October 2014, the Federal Supreme Court ruled that the basic and supplementary insurers of an insurance group must know all relevant information about an insured person that exists within their organization (4A_294/2014). In the following, we explain why this is problematic from a data protection perspective.