Data Protection Commissioner launches his Annual Report for 2013
The Data Protection Commissioner, Billy Hawkes, today launched his annual report for 2013. As in previous years, the report summarises activities of the Office during 2013 by reference to specific investigations and audits undertaken as well a summary of policy matters and EU/international activities.
2013 was the year of revelations about the extent of access by US and European intelligence agencies to data. This has sparked an important and welcome debate on the proper balance between national security and privacy considerations for the 21st Century.
Against this backdrop, the Commissioner is also highlighting in his Foreword data protection concerns in relation to the safeguarding by State Agencies of personal data entrusted to them by citizens.This annual report also contains a summary of the findings and recommendations of the recently publishedaudit of An Garda Síochána. The completion of this audit means that the Office now has completed audits of three major State holders of personal data – the Department of Social Protection, the Revenue Commissioners and An Garda Síochána.
The annual report also draws attention to the fact that many individual complaints referred to the Office in relation to difficulties gaining access to their personal data are as a result of poor customer service standards by commercial entities. Increasingly our investigation findings indicate that individuals who consider that they are not receiving adequate customer service from commercial entities resort to exercising their data protection right to request a copy of all personal data held by that entity. This course of action may not have become necessary had the customer's initial queries been dealt with by the entity in a timely and comprehensive fashion. This trend in complaints arising from poor customer service standards is a source of concern for the Office.
During 2013, the Office opened 910 complaints for investigation.Complaints from individuals in relation to difficulties gaining access to their personal data held by organisations accounted for almost 57% of the overall complaints investigated during 2013.With 517 complaints in this category, this represents a record high number of complaints concerning access requests. The annual report draws particular attention to issues which we have identified in the course of our investigations of access request complaints. Complaints in 2013 about unsolicited marketing communications under the Privacy and Electronic Communications Regulations are at a similar level to recent years with a total of 204 opened for investigation.
The annual report includes case studies of a number of specific investigations including:
- The prosecution in District Courts across the State of a number of companies for unsolicited marketing offences.
- Unlawful accessing of Departmental records by an official of the Department of Social Protection for their own personal use.
- The disclosure by Carphone Warehouse of a customer's details to strangers and the distressful consequences for the customer concerned.
Data Security Breaches:
In 2013, the Office dealt with 1,577 Data Security Breach notifications. For the second year, the annual report contains a selection of case studies regarding a number of Data Security Breach investigations, including:
- Report of investigation into data security breach at Loyaltybuild Ltd.
- The taking of a client list by an ex-employee to a new employer, which is emerging as a recurring issue.
- The first notifications by telecommunication companies via the new online reporting mechanism laid down in European Commission Regulation 611/2013.
44 audits and inspections were carried out in 2013. This was an increase of 10% on the previous year.A list of the organisations audited during 2013 is included in the report. More comprehensive details of the following audits are contained in the report:
- Summary of the findings and recommendations of the audit of An Garda Síochána.
- Details of Commencement of the audit of Linked-In Ireland.
- Global Privacy Internet Sweep – a review of websites in terms of their privacy policies conducted by a number of Data Protection Authorities internationally.
- "Cookie Compliance" Sweep.
The Annual Report is available for download from the Data Protection Commissioner's website www.dataprotection.ie
Media Queries to: Ciara O'Sullivan
Telephone: 057 8684800