Elaine Edwards reports:
Action is needed to tackle deficiencies in how the public service protects the personal data of citizens before such action is triggered by a “crisis”, the Data Protection Commissioner has said.
Billy Hawkes was speaking today on the publication of his annual report for 2013, which is his final annual report in the office. He retires in August.
Read more on The Irish Times.
A press release issued today by the Data Protection Commissioner’s Office summarizes some of the key findings:
Complaints:
During 2013, the Office opened 910 complaints for investigation. Complaints from individuals in relation to difficulties gaining access to their personal data held by organisations accounted for almost 57% of the overall complaints investigated during 2013. With 517 complaints in this category, this represents a record high number of complaints concerning access requests. The annual report draws particular attention to issues which we have identified in the course of our investigations of access request complaints. Complaints in 2013 about unsolicited marketing communications under the Privacy and Electronic Communications Regulations are at a similar level to recent years with a total of 204 opened for investigation.
The annual report includes case studies of a number of specific investigations including:
- The prosecution in District Courts across the State of a number of companies for unsolicited marketing offences.
- Unlawful accessing of Departmental records by an official of the Department of Social Protection for their own personal use.
- The disclosure by Carphone Warehouse of a customer’s details to strangers and the distressful consequences for the customer concerned.
Data Security Breaches:
In 2013, the Office dealt with 1,577 Data Security Breach notifications. For the second year, the annual report contains a selection of case studies regarding a number of Data Security Breach investigations, including:
- Report of investigation into data security breach at Loyaltybuild Ltd.
- The taking of a client list by an ex-employee to a new employer, which is emerging as a recurring issue.
- The first notifications by telecommunication companies via the new online reporting mechanism laid down in European Commission Regulation 611/2013.
Breach reports by the private sector were up in 2013 compared to 2012 (246 vs. 220), but down for the public sector (61 vs. 84).
You can access the full report here.