The Data Protection Commissioner has published the annual report for 2012. In particular, he has highlighted concerns over the issue of sharing personal data in the public sector. He has accepted that the sharing of some data is essential for the efficient delivery of public services, and indeed to assist Government function, but the concern is that such data sharing has to be done in a manner that respects the rights of the individuals to have their personal data treated properly, and not used or accessed without good reason.
This is the 24th Annual Report of the Data Protection Commissioner, which was presented to the Houses of the Oireachtas last week.
The cost of running the Office in 2012 was just over €1.5 million, with receipts of €647,000.00. Of those costs, staff costs were 85% of the budget.
During 2012 the Office received 1,349 complaints, which is a new record high, comparing with 1,161 complaints in the preceding year. Interestingly, 369 complaints related to one particular matter. Most of the complaints, 606, related to unsolicited direct marketing, text messages, phone call, faxes and emails. This was a marked increase on preceding years. The remainder of the complaints concerned breaches of the Data Protection Acts, as opposed to breaches of the Privacy and Electronic Communications Regulations above.
Of data breach notifications, there were 1,666 personal data security breach notifications in 2012, which again was an increase on preceding years. Mostly these were due to either inappropriate security measures, such as encryption not being in place to protect the data, or individuals failing to update their contact details with the Data Controller. In July 2011, a new Statutory Instrument (SI 336 of 2011) made it a legal requirement for telecommunication companies and ISP’s to notify the Data Protection Commissioner without undue delay of any data security breach, and also to notify any individuals. In September 2012, two companies were prosecuted for failing to meet their legal obligations in this regard.
Interestingly, the Office also decided to audit An Garda Siochana. The chief finding was discovering inappropriate access to the Garda computer system, PULSE. In particular, two high profile figures had had their records accessed over 80 and 50 times respectively by members of the Gardai. They had also accessed records of three high profile media personalities, and also an inter county GAA player, which clearly had no connection to official police business. The Gardai have promised to change their policies in relation thereto.
All in all, a comprehensive report worth the read, but also demonstrative of how much work is actually left to do for the Commissioner.
A growth area.