Perpetrators of domestic and sexual violence are exploiting data protection legislation to find out where their victims are, a leading refuge provider has said.
Sonas Housing made the claim while accusing Tusla of revealing that a mother and child fleeing abuse were sheltering in a Sonas refuge to their alleged abuser. Sonas has one refuge – in north Dublin.
The mother and child have been moved to a safe house elsewhere in the charity’s network.
David Hall, chief executive of Sonas, says he believes Tusla also provided the man with the name of the Sonas support worker who had notified Tusla of child protection concerns about the “very young” child, putting the staff member’s safety at risk.
Review: Kathryn Thomas shines a light on Ozempic in new RTÉ documentary. If only it was less coy about Operation Transformation
European leaders seem astounded by Trump’s bullying and blatant aggression
Trump halts US military aid to Ukraine, White House official says
Trump lambasts Kyiv and Europe over approach to ending Russia-Ukraine war
In addition, he said, the Data Protection Commission (DPC) – to which the man has appealed Sonas’s refusal to release information to him concerning his wife and child – is pressurising the body to provide it with a schedule of information the man wants.
Mr Hall said he will not release the information to either the man or the DPC.
In a highly critical statement on both the DPC and Tusla, he said: “The current environment for data [of women and children fleeing domestic violence] is unsafe at the moment.”
He said there were six other “live cases” where alleged abusers have applied for information that would confirm their partners and/or children were in housing provided by Sonas, the country’s biggest provider of domestic violence refuges.
“It is obscene in circumstances where there is an alleged abuser and where we are housing people in a safe space that anyone, including the Data Protection Commissioner, is seeking data from us to make a determination on whether to release it or not.”
In a letter to Tusla last Friday, Mr Hall criticised the agency’s “unauthorised disclosure of ‘sensitive personal’ data to a third party”, accusing Tusla of a “serious violation of data protection regulations”.
“Your actions have me very nervous and I’m carrying out a security review to ensure my team and clients are safe,” Mr Hall wrote.
The initial alleged data breach occurred when a Sonas support worker made four child protection notifications to Tusla about the child. Tusla was said to have notified the man of the allegations, and he made a “subject access request” to Tusla for files relating to him.
Details, including that his wife and child were in the Sonas refuge, were released to the man, according to Sonas. The man made a subject access request to Sonas, who refused. He appealed to the DPC.
In correspondence between the DPC and Sonas up to last week, seen by The Irish Times, Sonas invokes Article 15 (4) of the GDPR Act, grounding its refusal to release information to the commissioner on the provision that the right to “personal” data should not “adversely affect the rights or freedoms of others”.
To “even entertain” releasing data to the commissioner, says Mr Hall, would confirm Sonas was sheltering the woman and child.
Mr Hall said he would go to prison rather than hand over information that would identify Sonas service users or staff.
“This is similar to the legal lacuna that sees rape survivor’s counselling notes being handed over to her attacker’s legal team. There is a fundamental problem here both with the law and with how it is being applied.”
In a statement, Tusla said it did not comment on individual cases. “We are acutely aware of our responsibilities in relation to the very sensitive data we process. Where anyone does have a query or concern around data, we engage directly with the individual or organisation,” it said.
A spokesman for the DPC would not comment on an individual and ongoing case.
In 2020 Tusla was fined €75,000 for three data breaches, one of which was unintentionally providing a man accused of child sexual abuse with the address of the child and her mother’s telephone number.
