The Data Protection Commissioner plans to carry out spot checks on public and private companies from next year to ensure they are in compliance with legal duties in the area.
Publishing his annual report for 2002, Mr Joe Meade said his office intended to visit organisations, such as banks, law firms and "maybe newspapers", to see if they had good data protection practices in place.
New auditing powers have been given to the commissioner under the Data Protection (Amendment) Act 2003, which was signed into law this month, and will be enforced from July 2004.
The commissioner said his office would be able to conduct "proactive" investigations, rather than merely waiting for complaints to emerge, thanks to an increase in staff from 17 to 21 in the coming months.
Detailing a selection of investigations last year, Mr Meade warned against unauthorised companies using the Personal Public Service Number (PPSN), saying he was fearful it would become "a national identity number by the back door".
He said he had no problem with such an identity number if it was openly debated in the Dáil, and relevant legislation was passed. However, he objected to the "function creep" applying to the PPSN whereby bodies unauthorised under the Social Welfare Acts were seeking to use it.
One such body was Aer Rianta, which had requested PPSNs from taxi-drivers operating at Dublin Airport.
After receiving complaints from a number of such drivers, the commissioner contacted the State body and informed it that the practice was a criminal offence. Aer Rianta immediately agreed to omit the PPSN request from its application form.
The question of PPSN also arose in the case of a complaint against the Department of Defence over the sharing of details on compensation claims for hearing loss with the Department of Social Welfare. Upholding the complaint, the commissioner found that the Department of Defence contravened the "purpose" and "compatible" disclosure principles of the Data Protection Act, 1988. Provisions allowed for the sharing of information only in "tightly-defined circumstances" and for the PPSN to be used as a common identifier.
Other investigations last year took place into:
A practice among motor insurance companies of asking applicants their marital status. The companies have since agreed to cease the practice.
A prominent merchant bank which was recording customer phone calls in a less than transparent manner.
A political party and a general election candidate, Fianna Fáil TD Mr Seán Ardagh, who canvassed on the eve of last year's general election using an automated telephone message. The commissioner established the practice was direct marketing, and as such should only be done with prior consent.
The report showed the number of inquiries made to the commissioner increased last year by 300 to 3,200. A total of 182 new complaints were made and 295 concluded, seven and 124 more, respectively, than in 2001.
Some 19 per cent of complaints were upheld, 37 per cent were not, and 44 per cent were resolved informally.
A survey accompanying the report showed public awareness of the office had increased to 39 per cent from 25 per cent in 1997. It also established Irish people valued their privacy highly, even higher than issues such as consumer protection and ethics in public office. Some 60 per cent of respondents said they detested direct marketing phone calls.
The report can be read in full at www.dataprivacy.ie
