Data Protection Commissioner

[text version]

2006 Case Studies

Case Study 7 - Local Authority: Use of PPS Numbers

I received a complaint from a member of the public who had submitted an application for planning permission to a local authority on its Rural Housing Application Form. The complainant informed me that she was required to provide her PPS Number on the form and she expressed grave concern that this personal information would become publicly available as the local authority is obliged by law to make planning applications available to the public at its offices
view more


Case Study 8 - Local Authority: Minutes of council meetings.

I received a complaint from a member of the public concerning the publication on a local authority's website of the minutes of the Council's monthly meeting. The complainant informed me that his name and address had appeared in the minutes of the meeting in the context of the sale of lands and properties under the Affordable Housing and Shared Housing Schemes. He expressed concern at the publication of his personal data in this way on
view more


Case Study 9 - An Garda Síochána: Failure to respond to an access request on time.

I received a complaint in July 2005 that An Garda Síochána had failed to satisfy a data subject's request under Section 4 of the Data Protection Acts for access to his personal data.My Office commenced an investigation which lasted for a period of some eleven months. We established that An Garda Síochána initially provided the data subject with personal data which it had identified from a search of the PULSE database and of
view more


Case Study 10 - Caredoc: Failure to comply with an access request and appeal of an enforcement notice.

I received a complaint from the parents of a child that Caredoc (a medical facility in Carlow) had failed to comply with an access request under Section 4 of the Acts for access to the child's personal data.My Office received the complaint in January 2006 and commenced an investigation. We established that the child had attended Caredoc in May 2004 and that the access request was made by the solicitor for the
view more


Case Study 11 - Barcode/Westwood Club: Failure to comply with an access request for CCTV footage.

Barcode/Westwood Club: Failure to comply with an access request for CCTV footage. I received a complaint from a data subject alleging that Barcode Night Club of WestWood Club in Clontarf did not comply with his access request for CCTV footage in respect of himself, which had been recorded at a specified time in the early hours of a morning in August 2005. The data subject requested footage specifically from the cloakroom inside Barcode Night Club and outside the main gate. He had been involved in
view more


Case Study 12 - Ashbury Taverns: Failure to comply with an access request.

My Office received a complaint regarding alleged non-compliance with an access request. This complaint was made by a legal representative on behalf of a data subject formerly employed by Ashbury Taverns of Wexford.As the access request had not been complied with within the 40 day period, my Office wrote to the data controller. When no response was received, my Office also attempted to make contact on numerous occasions by telephone and by
view more


Case Study 13 - Irish Insurance Federation - Complaint about information on central registry.

My Office received a complaint from an individual regarding the refusal of the Irish Insurance Federation (IIF) to delete information from its central registry. The individual concerned had requested that the Irish Insurance Federation remove the details relating to her from the IIF central registry as she believed the information to be incorrect. Under Section 6 of the Data Protection Acts, 1988 and 2003, an individual
view more


Case Study 14 - School Archiving Project: Disclosure of personal data.

A former pupil of a national school in Dublin complained to me about a disclosure of personal data through the availability of school registers in Dublin City Libraries and in the National Archives.  These registers were indexed as part of the Wheatfield Indexing Project in Wheatfield Prison.The information contained in school registers, including names, addresses and dates of birth, is personal data within the meaning of the Data
view more


Case Study 15 - Ulster Bank: Excessive information sought from new customers.

In September of last year, it was brought to my attention that a branch of Ulster Bank was requiring new customers to provide, for the purpose of opening new current accounts, a copy of their P60 from the previous year, three recent payslips and bank statements for the previous three months. These documents were sought in addition to identity documents, such as passports and driving licences, which credit institutions are obliged by
view more


Case Study 1 - Talk Talk: Unsolicited direct marketing calls.

The marketing activity of a telecommunications service provider caused a number of complaints to be made to my Office in the first half of the year. Talk Talk (previously known as Tele 2 which was taken over by Carphone Warehouse and re-branded Talk Talk) was making marketing phone calls  to individuals who had already expressly told Talk Talk that they did not wish to be contacted, or who had exercised their right to be recorded
view more


Case Study 2 - Gaelic Telecom / Global Windows: Cold calling

I received a number of complaints from the public last year concerning unsolicited calls from GaelicTelecom, a telecommunications service provider. Of particular concern to me was the fact thatmany of the complainants were telephoned by Gaelic Telecom even though their preference not toreceive direct marketing calls had been recorded on the National Directory Database opt-outregister.My Office contacted Gaelic Telecom in
view more


Case Study 3 - DELL: Persistent direct marketing

If you do not want to receive direct marketing, you have a right to notify the sender that you object to receiving such material. This request must be made in writing and an organisation that fails to respect your stated preference shall be in contravention of the Acts.During the course of the year, I received a proportionally large number of complaints from individuals who were continuing to receive marketing material from DELL despite having
view more


Case Study 4 - SKY Ireland: Direct marketing by mail

I received a complaint from a member of the public in May 2006 concerning a direct marketing communication which he had received from Sky encouraging him to renew his subscription which he had cancelled in 2001. This was the second occasion on which this data subject complained to my Office concerning the receipt of direct marketing material from Sky. In 2005, on foot of the first complaint, my Office had been assured by Sky that the mailing had issued to
view more


Case Study 5 - Opera Telecom: Forced to delete database

I received a complaint from an individual regarding the receipt of an unsolicited text message in November 2005. The message, sent by Opera Telecom, was a promotional message for a subscription service.When my Office investigated the matter it was discovered that the complainant had attended a major music concert in Croke Park in June 2005. During the concert, those attending were encouraged to text support for the Global Call Against Poverty Campaign.
view more


Case Study 6 - News of the World: Limits of the Media Exemption.

Breaches of data protection rights of individuals by publication of material in the media, as described in last year's annual report, remained an issue during 2006. I made two separate decisions in the course of the year that newspapers had breached their obligations under the Data Protection Acts. One such case involved the Sunday World. The other, described below, involved the Irish edition of the News of the World. Both cases
view more