2004 Case Studies
2004 Case Studies
Case Study 1/04- Employment matters – claim of legal privilege and access to medical data in the workplace
An employee of a major national company had been requested to attend a doctor nominated by the employer in the context of his on-going sick leave. His employment was subsequently terminated and he made an access request under section 4 of the Data Protection Acts for a copy of the medical report.
I received a complaint from an individual who had applied for a specialized medical post with a major hospital. He had forwarded his CV accompanied by a letter in which he stated that he withheld consent to the organisation contacting the referees listed on his CV until "mutual interest" had been established and he had time to appraise the referees of his intentions.
The Bar Council complained to me about the use of their members' data by a publication "The Irish Legal Professional" which was published by the Ashville Media Group.
Case study 5/04 - Political database and a charity request, "spamming" of constituents and non co-operation from a County Councillor
During the year, I received two complaints concerning matters relating to political activity which raised important Data Protection issues.The first related to a political party. It was alleged by the complainant, a member of this party, that another local member of the party who was also a member of a charitable organisation had sent him a fund-raising letter on behalf
Affordable housing, credit checks and website publications. It came to my attention that Laois County Council were requiring applicants for Council Loans and Affordable Housing to apply to the Irish Credit Bureau for details of their credit histories.
I received a complaint about Eircom not respecting a Barring Order that had been granted against her husband. Though she had changed the telephone account details from his name to her name, he had still been able to contact Eircom and had the access codes for voicemail reset so that he could access her voicemail.
I received a complaint about the publication on a local authority website of the details of applicants for Planning Permission. I established that local authorities do not have discretion in relation to the publication of information which is included on a particular planning application.
Case Study 9/04 - Inadvertent disclosure of client data by the Midland Health Board to a research body
The Midland Health Board brought to my attention voluntarily that there had been a breach of the Data Protection Acts in that data had been disclosed inadvertently to a research body without the consent of the data subjects concerned. Section 2D(1)(b) of the Data Protection Acts 1998 and 2003 provides that "Personal data shall not be treated, for the purposes of section 2(1)(a) of the Acts, as
I received a number of complaints during 2003 relating to marketing activity by Bank of Ireland in schools where 12 and 13 year olds had received presentations by Bank staff and were offered the opportunity of opening an account. The complaints centered on the lack of parental consent, details on parents being sought, the procedure by which the teacher confirmed the identity of students and the fact that when an account