ACCforum: Data Protection Commissioner - Ireland - ACCforum


Data Protection Commissioner - Ireland 2014 Annual Report

#1 User is offline   hukildaspida 


Posted 16 July 2015 - 01:58 PM

Annual report of the Data Protection Commissioner for 2014
Blog Ireland IP & Technology Law Blog
A&L Goodbody
Ireland June 23 2015


The Data Protection Commissioner (DPC), Helen Dixon, has published her Annual Report for 2014. As usual, the Report reveals some interesting trends, statistics and case studies.

Here are a few we think are worth noting:

Increase in data breach notifications - During 2014, there were almost 2,300 self-reported notifications of data breaches (an increase of 681 on 2013). The principal cause of these data breaches was human error, such as the inclusion of the wrong bank statement in the wrong envelope, or the attachment of the wrong spreadsheet to an email.

The financial sector accounted for two-thirds of the notifications.
Complaints on the rise – The DPC received 960 complaints (compared to 910 in 2013). All but 27 of the complaints received were resolved amicably.
Difficulties in accessing personal data – The largest category of complaints received concerned difficulties in gaining access to personal data, which accounted for 54% (521) of the 960 complaints received.
Decrease in unsolicited marketing complaints – The second largest category of complaints concerned unsolicited electronic marketing by text and email, which involved 18% (176) of the complaints received. This was a decrease of 28 complaints compared with 2013. The DPC's active prosecution strategy in this area no doubt contributed to the decline in this type of complaint.
New category of online search delisting complaints – A new category of complaint received concerned internet search result delisting. Following the Google Spain case (which held that users may request search engines, in certain circumstances, to remove links to information affecting their privacy when a search has been conducted on the name of that individual), the DPC received 32 complaints against search engines refusing requests to remove links.

Prosecutions of private investigators and company directors – The DPC prosecuted nine entities for a total of 162 offences. The DPC undertook a high volume of case-work against private investigators (also known as tracing agents). The prosecutions involved, for the first time, use of section 29 of the Data Protection Acts (DPAs) 1988 and 2003, to prosecute the directors of companies for their part in breaches by investigators employed by the company. The prosecutions highlight the importance of businesses carrying out better due diligence before hiring private investigators, and of businesses ensuring that they are not inadvertently leaking personal data to third parties. The DPC warned that her office will be scrutinising insurance companies and other financial institutions with regard to their use of private investigators to examine potentially fraudulent insurance claims.

Statutory Enforcement Notices – Three Enforcement Notices were served requiring organisations to take certain steps to comply with the DPAs, mainly concerning the right of access to personal information.
Selected Information Notices – The DPC served nine Information Notices requiring organisations to provide her with certain information she needed to carry out her functions, such as to pursue an investigation.
Enforced Access Requests now an offence – In July 2014, section 4(13) of the DPAs came into effect, and it is now an offence to require job applicants to source personal information about themselves from organisations such as An Garda Síochána and to reveal the result of same to employers. The DPC is actively working to combat this practice, and has written to a random selection of organisations to check compliance.
Privacy Audits – The DPC carried out 38 audits and inspections in 2014, prioritising multinational technology companies and major public-sector organisations. It finalised its audit report of LinkedIn and published its audit of An Garda Síochána. The DPC also carried out some unscheduled inspections, using its powers under section 24 of the DPAs.
Engagement with tech companies – The DPC engaged with large tech multinationals, with headquarters or significant presences in Ireland, regarding numerous matters, such as proposed new products and services and emerging data-protection issues.
Queries - A record number of 13,500 queries were received by email, an increase from 12,000 in 2013.

Case Studies

As always, the case studies contained in the Report offer a useful insight into the approach of the DPC across a range of important issues.

Case studies which are certainly worth reading include, amongst others, the prosecutions of private investigators; prosecutions for marketing offences; excessive data collection by certain organisations; disclosure of financial information by a credit union; disclosure of personal data to a business partner, and resignation of a financial institution's employee taking personal data with him.
A&L Goodbody - Davinia Brennan

Annual Report

#2 User is offline   hukildaspida 


Posted 16 July 2015 - 02:00 PM

Today's Stories
Firms probed for use of private investigators

Wednesday, June 24, 2015


By Cormac O'Keeffe
Irish Examiner Reporter

Insurance companies and law firms are to be inspected by the State’s data protection watchdog in a bid to stop the use of private investigators to unlawfully access individuals’ personal information.

The Data Protection Commissioner also warned it will “vigorously pursue and prosecute” employers and recruitment firms who effectively force prospective staff to request data records from gardaí and give it to them.

In its 2014 annual report, the commission said queries were up from 12,000 in 2013 to 13,500 in 2014, while investigations were opened into 960 complaints last year, compared to 910 in 2013.

In an interview with the Irish Examiner, the new commissioner, Helen Dixon, rejected claims of “light touch” regulation of the large tech multinationals and said there was “constant tension” with these firms.

She said developments in Europe were awaited in terms of decisions on the mass transfer of personal data held by Irish-located multinationals to US intelligence agencies and the transfer of airline passenger data, while the High Court here was due to rule on Irish data retention laws.

Publishing her first annual report, Ms Dixon said her staff was expanding to 50 people by the end of September, up from 29, with a new office in Dublin next month, thanks to a doubling of its budget.

She said 2014 was “very significant” in that, for the first time, the directors of a company — in this case private investigators — were prosecuted for breaching data protection laws.

The investigation also threw up a wider issue. The commission investigated at least 12 credit unions in 2013 and nine in 2014, mainly for their use of private investigators. “We uncovered significant issues across the sector in terms of abuse of personal data.”

Assistant commissioner Tony Delaney said they were looking “across the board at credit unions and the financial sector generally” but said they will now examine “insurance companies and law firms”.

Ms Dixon defended the traditional “engaged approach” the office had with tech multinationals: “I’m convinced it’s the only one that has led to real results and the only one that is viable in terms of managing data protection of the millions of users that these tech multinationals have. We have a relationship of trust.”

She said they worked proactively with them, examining proposed products to “head off” problems.

“It’s absolutely not light touch,” said Ms Dixon. “We have tension with the companies constantly. A lot of the recommendations that we would have made in audits or on an ongoing basis, they are not swallowed automatically by the tech multinationals. There’s an inconvenience for them in re-engineering products, so there is a constant tension.”

She said an audit they conducted on LinkedIn had not been published by the company, as was their right, but noted the gardaí had. She suggested they would be reviewing this matter.

Audits of Yahoo, Adobe, and Apple would commence in the autumn.

Data Protection Commissioner annual report 2014

Case 1: An employee of the HSE complained about the disclosure, on two occasions, of his salary details to his ex-wife.

He told the DPC that he discovered this during a court appearance in the summer of 2013 on maintenance issues. He said that, in court, his ex-wife provided exact details from his payslips.

That December, she went back to court and produced a copy of his P60 and salary details for the previous four months.

The HSE told the DPC the payroll department had received a number of court orders directing it to make maintenance payments to the employee’s ex-wife.

It said numerous queries were raised by accountants and tax professionals acting for the woman, including one seeking a payslip.

The DPC ruled that the HSE breached the Data Protection Acts.

Case 2: In July 2014, a prospective tenant complained about the collection of bank details, PPS numbers and copies of utility bills by a letting agency when applying to rent a property. She believed that if she did not supply all this information upfront her application would not be seriously considered.

The DPC told the agency that it could see no basis for collecting all this information at application or property-viewing stage.

The agency ceased such requests upfront and said it would only do so if a tenant accepted a property. The complainant was satisfied with the outcome.


© Irish Examiner Ltd. All rights reserved

#3 User is offline   hukildaspida 


Posted 16 July 2015 - 02:01 PM

Private Investigators Prosecuted for using stolen data social welfare
