LAST YEAR, THE Data Protection Commissioner dealt with 1,349 new complaints – a record figure for Billy Hawkes’s office.
During the 12-month period, 606 complaints about unsolicited direct marketing through text messages, phone calls and emails were received. A total of 369 reports were made about the one issue.
Many of the businesses involved in such advertising are unaware of the law which applied to communications, according to Hawkes.
In the course of the year, a total of 40 audits and inspections were carried out by the office. That included a probe of the public sector’s information system (INFOSYS) during which “serious abuse” was detected in terms of inappropriate employee access.
The office found that the Department of Social Protection has good monitoring systems in place for identifying any staff member inappropriately accessing records held. However, the external agencies provided with access to the system “did not always demonstrate the same good practices”.
INFOSYS is a read-only portal allowing access to social welfare databases which include information on individuals, partners and their dependants.
“A worrying degree of inappropriate access to INFOSYS by state employees was detected as a result of the investigation,” said the report.
Explanations for the inappropriate views by users ranged from the “bizarre to the banal”: from the posting of Christmas cards and Mass cards to the reason of nothing other than ‘pure curiousity’ being cited in cases where family, neighbours’ and friends’ records were accessed.
The HSE was singled out by Hawkes as his office uncovered cases that indicated a lack of awareness among staff as to what constituted inappropriate access.
“The report reveals a disturbing failure of governance in some of the public bodies investigated,” the Commissioner outlined this morning. “Data sharing can bring benefits in terms of efficient delivery of public services. But it must be done in a way that respects the rights of individuals to have their personal data treated with care and not accessed or used without good reason.”
One of the reasons given by HSE employees was that they had “consent” of a family member. However, one employee searched the social welfare records of their son’s girlfriend.
Celebrities of interest
A separate investigation into the use of An Garda Síochána’s PULSE system has also revealed “inappropriate access”. An ad-hoc, on-the-spot inspection of usage and access in relation to a substantial number of public figures and celebrities who were recorded as victims or witnesses was undertaken.
At least two high-profile figures had their records accessed more than 80 and 50 times respectively by members of the force.
In addition, the number of PULSE accesses returned on the records of three high-profile media personalities and a well known inter-county GAA player “appeared to bear no relation to the valid entries relating to these individuals in connection with official police business”.
A new auditing system that was put in place following the matter being raised by the Office of the Data Protection Commissioner will be examined this year.
In 2012, eleven separate bodies were involved in 200 prosecutions by the ODPC. Three insurance firms were prosecuted after social welfare data was found on insurance claim files. They had been obtained by private investigators.
To embed this post, copy the code below on your site
have your say