Case Study 13/96 Criminal Conviction Sruck Out but Details remained on Garda Records
Some years ago a young man was convicted of a minor offence. He appealed the sentence, and the Probation of Offenders Act, 1907, was applied. This meant that his conviction was struck out and, for example, could not be mentioned if he were later prosecuted for something else.
Case Study 7/96 Legal Notification of Scheme
A State agency wished to notify potential clients of a proposed new scheme. An advertising campaign was planned, but previous experience suggested that it would be prudent to notify people individually as well. An unrelated Government Department had a database of clients which would serve as a suitable proxy for the new client group.
Case Study 6/96 Inadequate Security
The complainant wanted to buy a fridge in a shop. She enquired whether she could avail of an instalment payment scheme. The assistant checked some information about her on a computer screen. The complainant was upset, because her information was visible to other customers who were free to circulate around the computer.
Case Study 12/96 Information kept by the Companies Registration Office
I have had several complaints from company directors who found that information about them had been obtained from the Companies Registration Office and was to be published in a trade directory. One complaint came from a trade association which felt that the publication of the information could expose some of its members to personal danger.
Case Study 5/96 Statistical Investigations
Survey from a list from the Department of Social Welfare Live Register of the unemployed, in order to analyse and quantify the differences between these two measures of unemployment. The published results of the analysis were the subject of some comment in the media. A journalist telephoned my Office asking if this practice contravened the Data Protection Act.
Case Study 8/96 Disclosure of an Address to a Charity
A caller from a charity rang to say that a well-wisher was offering them a list of names and addresses on computer, which the charity could use for fund raising. This sounded like a good idea, but the charity sought the advice of my Office before accepting the offer.
Case Study 1/96 Disclosure of names on the Internet
A professional association wished to publish a list of its members on the Internet for the information of the public. The association already published the list in a book. The members understood that the book was widely circulated in a specific sector as this had been the practice for many years. The association sought advice on data protection requirements in relation to the Internet.
Case Study 3/96 Compatibility of Use of Personal Data
Three people complained that a Government Department disclosed personal data (their names and addresses) to a state-sponsored company to promote a service, which was the responsibility of that Department. I decided that none of the provisions of the Data Protection Act were contravened........
Case Study 9/96 Fair Obtaining
A research company sent out a survey to named individuals, and requested them to reply to questions on the form and to return it anonymously. However, the prepaid envelopes bore unique four digit numbers, suggesting that the survey was not in fact anonymous. This raised concerns that personal data were being unfairly obtained, contrary to section 2 (1) (a) of the Act. A meeting was held with the company.
Case Study 4/96 Circulating Advertising Material
Arising from a complaint from an aggrieved employee, I was required to consider the use of the names and addresses of employees by their employers to advertise third party services. As part of its computerised payroll system, the organisation concerned provided a facility for deductions-at-source from wages in respect of a variety of services.
Case Study 14/96 Use of Closed Circuit Television (CCTV)
In recent times, several parties have sought advice on the privacy implications of the introduction of CCTV systems and have asked if such systems are regulated by the Data Protection Act. My advice has been that developments in both technology and the law suggest that such systems will shortly be governed by data protection legislation if this is not already the case.
Case Study 10/96 Access Request
A man made an access request to a public sector data controller, principally with a view to establishing how it had recorded and dealt with a series of contacts that he had had with it. He supplied the data controller with a considerable amount of detail of dates and times when he had made these contacts.
Case Study 2/96 Customer Disputed His Credit Rating
A customer made an access request to a financial institution and discovered that the institution had given him a rating with which he did not agree. He acknowledged that he had had some difficulties with his account, but he considered that the rating as it was explained to him by the financial institution suggested that the situation was more serious than it really was.
Case Study 11/96 Disclosure to a Bank
A data subject made an access request to a credit referencing agency. The material provided to her in response to this access request indicated that details of her credit standing had been accessed by a financial institution with which she had never had any dealings.