Data Protection Commissioner

[text version]

2003

Case Study 1/03 - Drogheda Hospital

Drogheda Hospital- investigation into a consultant's practice- patients felt consent was necessary- balance to be struck with concerns for public health issues overall. I received many complaints from former patients of a Drogheda hospital in relation to the manner in which an investigation was carried out by a health board into the conduct of a consultant's practice.
view more


Case Study 2/03 PMI Ltd

PMI Ltd mailing list rented in good faith by a bank resulted in minors being marketed for credit cards without proper consent. In early January 2003 I received a complaint from an individual to the effect that his ten year old daughter had received unsolicited mail from a bank offering her a credit card. The letter was addressed to the child using "Blackrock, Co. Dublin" as the postal address.
view more


Case Study 3/03 Visa Application Details

Visa application details accidentally put on website of Department of Justice, Equality and Law Reform A journalist contacted my office with urgent concerns regarding the publication on a website of personal details of visa applicants. I investigated the matter and found that the personal data of visa applicants had been displayed by the Immigration & Citizenship Division of the Department of Justice, Equality & Law Reform on the Department's website on 6 February, 2003.
view more


Case Study 4/03 - Access To Medical Records

Access to medical records on a change of general practitioner. A person contacted me regarding her difficulty in obtaining her actual medical file which she had formally requested from the local Health Centre under section 4 of the Data Protection Acts. She explained that she was a private patient of a doctor at the Centre which catered for General Medical Service's patients the doctor treated patients on a private basis also.
view more


Case Study 5 /03 Realm Communications

Unsolicited SMS texting and direct marketing I received a number of complaints from people who had received unsolicited mobile phone text messages from Realm Communications offering a free stay in one of 30 Irish Hotels. The text messages were sent during the summer of 2003 when S.I.192/2002 was the operative legislation in this area.
view more


Case Study 6/03 Inappropriate Disclosure

Inappropriate disclosure by a headhunting firm of a person's CV to his current employer. I received a complaint from a Technician Engineer and Project Management Practitioner in the specialist areas of Civil, Structural and Construction Engineering. For some months previously, he had been seeking a career change. He submitted his CV and covering letter to a particular Recruitment Agency, with a view to them distributing these documents to companies of interest to him.....
view more


Case Study 7/03 Aer Lingus

Payroll data was not disclosed inappropriately when not paying Impact trade union members' wage increases. Three employees of Aer Lingus complained that information held on the Aer Lingus payroll database regarding their authorisation to allow deductions at source in respect of their union subscriptions was used by Aer Lingus to identify and single them out as IMPACT members and deny them pay increases and refuse them staff travel privileges.
view more


Case Study 8/03 Catholic Church Baptismal Records

Catholic Church baptismal records deletion request not upheldI received a complaint during 2003 from an individual living in the Netherlands who stated that he had contacted the parish priest in a Catholic church in Ireland where as a baby he believed he had been baptised in 1978. He had requested to have his name removed from church records and that his request had been refused on the grounds that it was not possible to be removed from the church register.
view more


Case Study 9/03 Referral of Medical Consultant's Cinical Notes

Referral of medical consultant's clinical notes for review without his or the patients' consentA medical consultant complained that a health board had sent the clinical notes of five of his patients to a risk management group in England in March, 2000. His consent was not obtained for the release of his patients' personal information while it also appeared that patient consent was not obtained.
view more


Case Study 10/03 Department of Social and Family Affairs

Department of Social and Family Affairs market research survey on customer satisfaction by an agency did not breach Data Protection provisions An individual complained that the Department of Social and Family Affairs(DSFA), had disclosed her name and address to the Market Research Bureau of Ireland (MRBI) for the purposes of conducting research and that subsequently, a representative of the MRBI visited her home to conduct an interview.
view more