The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission


Case Study 1/03 - Drogheda Hospital
Drogheda Hospital- investigation into a consultant's practice- patients felt consent was necessary- balance to be struck with concerns for public health issues overall. I received many complaints from former patients of a Drogheda hospital in relation to the manner in which an investigation was carried out by a health board into the conduct of a consultant's practice.
view more

Case Study 2/03 PMI Ltd
PMI Ltd mailing list rented in good faith by a bank resulted in minors being marketed for credit cards without proper consent. In early January 2003 I received a complaint from an individual to the effect that his ten year old daughter had received unsolicited mail from a bank offering her a credit card. The letter was addressed to the child using "Blackrock, Co. Dublin" as the postal address.
view more

Case Study 3/03 Visa Application Details
Visa application details accidentally put on website of Department of Justice, Equality and Law Reform A journalist contacted my office with urgent concerns regarding the publication on a website of personal details of visa applicants. I investigated the matter and found that the personal data of visa applicants had been displayed by the Immigration & Citizenship Division of the Department of Justice, Equality & Law Reform on the Department's website on 6 February, 2003.
view more

Case Study 4/03 - Access To Medical Records
Access to medical records on a change of general practitioner. A person contacted me regarding her difficulty in obtaining her actual medical file which she had formally requested from the local Health Centre under section 4 of the Data Protection Acts. She explained that she was a private patient of a doctor at the Centre which catered for General Medical Service's patients the doctor treated patients on a private basis also.
view more

Case Study 5 /03 Realm Communications
Unsolicited SMS texting and direct marketing I received a number of complaints from people who had received unsolicited mobile phone text messages from Realm Communications offering a free stay in one of 30 Irish Hotels. The text messages were sent during the summer of 2003 when S.I.192/2002 was the operative legislation in this area.
view more

Case Study 6/03 Inappropriate Disclosure
Inappropriate disclosure by a headhunting firm of a person's CV to his current employer. I received a complaint from a Technician Engineer and Project Management Practitioner in the specialist areas of Civil, Structural and Construction Engineering. For some months previously, he had been seeking a career change. He submitted his CV and covering letter to a particular Recruitment Agency, with a view to them distributing these documents to companies of interest to him.....
view more

Case Study 7/03 Aer Lingus
Payroll data was not disclosed inappropriately when not paying Impact trade union members' wage increases. Three employees of Aer Lingus complained that information held on the Aer Lingus payroll database regarding their authorisation to allow deductions at source in respect of their union subscriptions was used by Aer Lingus to identify and single them out as IMPACT members and deny them pay increases and refuse them staff travel privileges.
view more

Case Study 8/03 Catholic Church Baptismal Records
Catholic Church baptismal records deletion request not upheldI received a complaint during 2003 from an individual living in the Netherlands who stated that he had contacted the parish priest in a Catholic church in Ireland where as a baby he believed he had been baptised in 1978. He had requested to have his name removed from church records and that his request had been refused on the grounds that it was not possible to be removed from the church register.
view more

Case Study 9/03 Referral of Medical Consultant's Cinical Notes
Referral of medical consultant's clinical notes for review without his or the patients' consentA medical consultant complained that a health board had sent the clinical notes of five of his patients to a risk management group in England in March, 2000. His consent was not obtained for the release of his patients' personal information while it also appeared that patient consent was not obtained.
view more

Case Study 10/03 Department of Social and Family Affairs
Department of Social and Family Affairs market research survey on customer satisfaction by an agency did not breach Data Protection provisions An individual complained that the Department of Social and Family Affairs(DSFA), had disclosed her name and address to the Market Research Bureau of Ireland (MRBI) for the purposes of conducting research and that subsequently, a representative of the MRBI visited her home to conduct an interview.
view more