Data Protection Commissioner

 [text version]
Home  /  FAQ  /  2009

FAQ


FAQ - PPSN - Landlord

Can my Landlord request my PPSN?
view more


FAQ - PPSN - Recruitment

When applying for a new job, can a prospective employer seek the PPSN of candidates as part of the application process?
view more


FAQ - PPSN - NPPRP Tax

My PPSN is being sought in connection with a Non Principal Private Residence Property Tax return?
view more


FAQ - Debt collection agency

My personal information has been passed to a debt collection agency?
view more


PPSN - new account

Can a bank as for my PPSN when I am opening a new account?From 1st January 2009, financial institutions are  required to seek the PPSN of all persons opening a new account in accordance with the Return of Payments Regulations (S.I. No 136 of 2008).  The Revenue Commissioners, following consultation with this Office, developed guidance in this area which is available on its website. These guidelines state that 'while there is a requirement in Regulation 7 (4)(a) to seek the tax
view more


FAQ - management companies

1.10  Can Management Companies disclose to all members details of those property owners/members that have not paid service charges ?In general, no, unless there is a legal basis for such disclosure -  for example, in the memorandum and articles of association of the company.
view more


FAQ - passport

4.8  Can my employer ask me to bring in my passport (to take a copy for HR records)?An employer may ask to see your passport at recruitment stage if this is necessary to show that you are entitled to work in Ireland.  An employer may note such passport details on your personnel file.  It should not be necessary for an employer to retain a copy of your passport and such action could be a breach of the Data Protection Acts.  .
view more


FAQ - Nature of illness

4.9  Can my employer demand that my sick certificates set out the nature of my illness?In general, no. Under the Data Protection Acts, medical data is defined as sensitive data.  An employer has a legitimate interest in knowing how long an employee is likely to be absent from work. S/he also has a legitimate interest in knowing whether an employee, following an accident or illness, is capable of doing particular types of work.  Requiring employees to produce standard individual
view more


FAQ - Import Tax

1.11  A debt recovery organisation has contacted me for payment of import tax associated with an overseas purchase I made some time ago.  How did they get my details? This practice of seeking the import duty -  which we understand falls due to be paid, under Irish customs requirements, following delivery of goods -  is not one which gives rise to any data protection issues.  We understand
view more


FAQ - Job Advertisements

1.12 If you have provided details of your bank account in your reply to the advertisement, you should  contact your bank  to tell them what has happened.   This will allow your bank to apply special checks to your account in case the people behind the bogus ad tried to get access to it.  You should also consider applying to the Irish Credit Bureau to have a protective registration recorded
view more


FAQ - Streetview

1.13  I have a concern about images available through Google Streetview, what should I do?In advance of Google Maps Street View capturing imagery in Dublin, Cork, Galway, Limerick and Waterford, this Office had extensive interactions with Google in relation to privacy concerns surrounding Street View.  If an individual does not wish for an image of their house to be visible on Street View, they should send an email to
view more


FAQ - Vehicle Tracking

4.10  Can my employer use GPS / Vehicle Tracking Systems? 
view more


FAQ - Staff photographs

4.11  Can my employer post my photograph on the internet / intranet without my consent?Not unless s/he has very convincing reasons for doing so. A photograph of a person is their personal data and therefore any use of that photograph must be in accordance with the Data Protection Acts. This normally means that the person must give their consent to such use. 
view more


FAQ - CCTV in schools

6.4  Can my school introduce a new CCTV system?CCTV may be used legitimately for security related purposes at the perimeter of a school.  Any use beyond this would need to be fully justifiable and evidence-based with a very high threshold for such evidence.  This is particularly the case in a school environment as most of the personal data processed will relate to minors. 
view more


FAQ - back up data

3.16  Should back-up data be considered as part of an access request?Back-up data are data kept only for the limited purpose of replacing other data in the event of their being lost, destroyed or damaged. Data kept for any other purpose, such as archive data, would not be considered back-up data. As back-up data are meant to be only copies of “live” data, they are not subject to the same strict rules as “live” data. They are not considered to be subject to an access request made pursuant
view more


FAQ - Eflow

1.14  I have received a toll notice from Eflow, how did they obtain my details?In relation to the M50 Barrier Free Tolling Scheme and the access by a private entity to official vehicle ownership data, we have established that an appropriate legislative basis exists for such access by the NRA (under the provisions of the relevant Roads Acts (Section 64A(1) of the Roads Act 1993 as inserted by the Roads Act 2007)).  The M50 operator (eFlow) is acting under the aegis of the NRA in this
view more


FAQ - mailing lists

1.15  I want to circulate an email to a number of recipients, what are the data protection considerations?In certain circumstances an email address can be considered “personal data” and subject to the provisions of the Data Protection Acts 1988 & 2003. Section 2(1)(d) sets out that “appropriate security measures shall be taken against unauthorised access to, or unauthorised alteration, disclosure or destruction of, the data, in particular where the processing involves the transmission of
view more


FAQ - ICB checks

1.16  Can a lender request a prospective borrower to carry out an ICB credit check for submission to the lender as part of the loan application process?No. The right of access to personal data is to allow an individual to check for themselves that their personal data is not being misused by an organisation.  It is an offence under Section 4 (13) of the Data Protection Acts to require an individual to make an access request in such circumstances. While this sub-section of the Acts is
view more


2.12 Can I ask my customers to provide the electronic contact details of friends as part of a "refer a friend" scheme so that I can market

2.12 Can I ask my customers to provide the electronic contact details of friends as part of a "refer a friend" scheme so that I can market them about my products and services?It is an offence under the provisions of SI 535 of 2003 as amended by SI 526 of 2008 to send an unsolicited marketing message to someone where there is no existing customer relationship. The onus is on the sender to show that the recipient has consented to the receipt of such messages. It is difficult to see how the
view more


2.13 Can I ask my customers to inform their friends via my website as part of a "tell a friend" scheme about my products and services?

2.13 Can I ask my customers to inform their friends via my website as part of a "tell a friend" scheme about my products and services?This depends on the way the scheme operates. It is more likely to be acceptable if the content of the message is determined solely by the sending customer.
view more



 




Office of the Data Protection Commissioner. Canal House, Station Road, Portarlington, Co. Laois, Ireland.
LoCall 1890 25 22 31 | Phone 00353 57 868 4800 | Fax 00353 57 868 4757 | email info@dataprotection.ie

Level Double-A Conformance to Web Content Accessibility Guidelines 1.0