ODPC report: 'Scant regard' for data protection in some State bodies

Monday 12 May 2014 19.39
The ODPC said many data request complaints could have been avoided by better customer service
The ODPC said many data request complaints could have been avoided by better customer service

Senior management in some State organisations show "scant regard" for their duty to safeguard personal data entrusted to them, according to the Office of the Data Protection Commissioner (ODPC).

In its 2013 annual report, which was released today, the ODPC said that more than half of all the complaints made to the ODPC last year were from members of the public who experienced difficulties gaining access to personal data held by organisations.

More than half of all the complaints (517 of 910 opened in 2013) made to the ODPC last year were from members of the public who experienced difficulties gaining access to personal data held by organisations.

The number is a record high for the ODPC, which said the complaints could have been avoided in many cases with better customer service.

The increase in the number of complaints arising out of poor customer service was a concern, the ODPC said.

1,577 data security breaches were notified to the commissioner’s office last year, the largest being the result of the hacking of the customer databases of Co Clare based Loyalty Build.

A recurring issue, according to the ODPC, is also the taking of client lists by employees departing from companies.

The ODPC carried out 44 audits in 2013, including of An Garda Siochána (AGS).

In relation to the audit of AGS, the report said that overall, "we found that the majority of the areas examined demonstrated a professional police force operating in compliance with data protection legislation".

However, the ODPC said that while it "was generally satisfied with the in-built data protection mechanisms in Pulse, this was not the case in relation to the oversight of access by individual AGS members to records of individuals and the related risk of disclosure outside of AGS.

"The Audit Team came across disturbing instances of such improper access." In response to this improper access, the ODPC said, AGS had instigated a three-pronged approach to counter any future inappropriate access.

It also did a sweep of the compliance of certain websites to rules regarding the use of cookies; software used by websites which gather information about users.

In his foreword to the report, Data Protection Commissioner Billy Hawkes welcomed the "long overdue debate" about state access to personal data that took place last year following the revelations by former US National Security Agency contractor, Edward Snowden.