State bodies urged to be more aware of data protection issues

Seminar hears those dealing with phone queries must be alert to techniques of private investigators

Data Protection Commissioner Helen Dixon and Minister of State for Data Protection Dara Murphy at a seminar in the Royal Hospital Kilmainham on Thursday. Photograph: Maxwells
Data Protection Commissioner Helen Dixon and Minister of State for Data Protection Dara Murphy at a seminar in the Royal Hospital Kilmainham on Thursday. Photograph: Maxwells

Staff in the state sector who deal with phone calls from the public need to be on guard against private investigators and other seeking to improperly obtain personal information from them, Minister for Data Protection Dara Murphy said.

Speaking after he hosted a major seminar on data protection for some 200 people in the state and semi-state sector in Dublin on Thursday, Mr Murphy said the state sector has to “significantly up its game” on data protection and that they had to lead by example.

The techniques of private investigators, who have been known to obtain other people's personal information from state bodies and government departments by so-called 'blagging', were among the issues discussed at the event in the Royal Hospital Kilmainham.

The Minister told The Irish Times this was a "growing difficulty". Three private investigators were prosecuted by the Data Protection Commissioner last year in relation to obtaining personal information from state organisations and passing it to credit unions for tracking debts.

READ MORE

Mr Murphy and Data Protection Commissioner Helen Dixon both addressed the event, which was closed to media.

Speaking after the event, Mr Murphy said he had established an interdepartmental committee on data protection which was meeting every two months. He now wanted to extend that to the semi-state and state sector.

The forthcoming General Data Protection Regulation and what changes it would mean for the state sector was also on the agenda on Thursday, as was the subject of audits by the commissioner.

Mr Murphy said that while the regulation was possibly two years away, there were certain measures organisations could take now. This would feed into a “national effort” by his department, which also included doubling resources for the Data Protection Commissioner.

Asked whether he was happy with how the state sector was now dealing with personal information, Mr Murphy said it was “lagging behind the private sector in terms of engagement to date, but we still have a couple of years before the regulation will come in”.

“I don’t see today as the end of the process. I’m happy that we’ve started and I’m happy we have a level of engagement. But I think the state sector has to up its game significantly in the space of data protection.”

He said some organisations were “very engaged” and others needed to become engaged.

“We are at fault for that too because we haven’t up to last year resourced the Data Protection office sufficiently,” he said.

On major projects such as Eircodes and the Department of Education’s Primary Online Database, Mr Murphy said there should “always” be prior consultation with the commissioner’s office before such projects were rolled out.

He was satisfied engagement was taking place between the relevant departments on these two projects.

“We need to embed a proactive focus on the protection of individuals’ data and their right to privacy across the public sector and ensure that public sector bodies have the capacity to deal with data protection as a matter of priority.”

Mr Murphy said the participation of Ms Dixon and her team at the event would give public sector bodies “an important insight into the expectations of the regulator in terms of practice and compliance”.