Complaints by people seeking personal data rise

THE DATA Protection Commissioner has reported a big rise in complaints made by people seeking access to personal data held by…

THE DATA Protection Commissioner has reported a big rise in complaints made by people seeking access to personal data held by State bodies and other organisations.

Last year the commissioner, Billy Hawkes, received 312 complaints about access rights, compared to 187 the year before, an increase of 67 per cent.

However, the overall number of complaints received by the commissioner remained static, at 1,031, according to his annual report to be published today. This is because of a big fall in the number of complaints about unsolicited direct marketing text messages, phone calls, fax messages and e-mails.

Mr Hawkes attributed the fall in such complaints to an increased awareness by companies of their data protection obligations and the impact of prosecutions, taken by his office, which challenged illegal practices in the text marketing sector.

READ MORE

The report highlights a high number of security breaches that occurred last year, including incidents at Jobs.ie, Bank of Ireland, the Comptroller and Auditor General’s office and the HSE. In these cases, computers or memory devices were lost or stolen and significant amounts of personal data were lost.

In the case of Bank of Ireland Life, which suffered the theft or loss of a series of laptops in 2007, an investigation by the commissioner established that customers were not told their personal data had been disclosed until six to eight months after the incidents occurred. There was a further delay in reporting the issue to his office as a result of internal investigations.

The commissioner determined that the bank had failed to have in place appropriate measures and it made a sizeable donation to charity.

Mr Hawkes said the response to these incidents was encouraging, with new guidelines on data security in the public sector and increasing recognition that proper handling of personal data was a matter of good customer service.

“If customers cannot trust the State or private companies to treat their personal information with respect, they will be increasingly reluctant to part with such information,” he said.

The report is critical of An Post and the way it handles certain data. Customers of An Post’s mail redirection service found that their details were entered on the TV licence database, a practice Mr Hawkes said lacked transparency.

A number of “perplexed” and “irritated” An Post customers complained to the commissioner after receiving personally-addressed letters alleging they did not have a television licence. However, the company refused to reveal the sources of its information.

Mr Hawkes said he could not allow this lack of information to continue and he expected significant movement on the issue.

He said positive moves in relation to data security had to be balanced against worrying moves which could fatally undermine progress. He expressed particular concern about the apparent failure to recognise the need for greater care in the use of PPSNs (Personal Public Service Numbers). “The extended requirement to retain telecommunications data for possible police use, in accordance with the EU data retention directive, also gives rise to security concerns – as well as more fundamental privacy issues.”

Running costs for the commissioner’s office, based in Portarlington, Co Laois, slightly exceeded €2 million last year, 11 per cent more than in 2007.

Paul Cullen

Paul Cullen

Paul Cullen is a former heath editor of The Irish Times.