The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

EMBARGO 8TH APRIL 2010 - 11.30 am

Data Protection Commissioner launches his Annual Report for 2009

The Data Protection Commissioner launched his report for 2009 today.  Once again, his report focuses on the responsibility of private and public sector organisations to treat the personal information of their customers and clients with respect. 

Complaints, investigations and prosecutions
During 2009 the Office of the Data Protection Commissioner opened for investigation 914 complaints.  This slight decrease on the figure for 2008 (1031) can be accounted in some respects for the almost halving over the last two years in complaints about unsolicited direct marketing text messages, phone calls, fax messages and emails.  This is attributable in part to a series of prosecutions against a number of companies operating in the premium rate text messaging sector.  Successful prosecutions in 2009 included four companies operating in the premium rate text messaging sector, a restaurant and a gym.  In all cases it was for repeat offences.

The Commissioner considers that the message from his Office should now be clear - entities that continue to commit offences in relation to electronic marketing face prosecution.

Data security breaches
The Commissioner also reports on efforts to minimise the number and impact of personal data security breaches and, when such breaches occur, to encourage organisations to voluntarily report the incidents to his Office.  119 data security breach incidents were reported to the Office in 2009, a 47% increase on the number of reports received in the previous 12 months (there were 81 reports in 2008).  The Commissioner reports on high profile data security breach incidents that occurred in 2009 involving Bord Gáis Éireann and the Health Service Executive (see pages 16 and 17 of the Report).

General Matters
The Commissioner also takes the opportunity of his Annual Report to highlight his concerns about the current inability of his Office to investigate the sending of unsolicited text messages, emails or the making of unsolicited phone calls by candidates for election or political parties.  He also outlines the outcome of an enagement with the Garda Siochana on its automatic number plate system.  The Report also outlines views conveyed by the Commissioner on the DNA Bill, the Communications (Retention of Data) Bill and a Spent Convictions Bill.  The report also details discussions with Google in relation to Google Streetview in Ireland.

Case Studies
The Commissioner's report also includes case studies of a number of specific investigations including:

  • Quinn Insurance seeking excessive Penalty Point information from individuals seeking motor insurance quotes
  • A paternity test result sent to the wrong address  
  • The use of postcards to communicate with customers regarding overdue accounts
  • An employer covertly surveilling an employee
  • Prosecution of Jackie Skelly Fitness for unsolicited marketing text messages
  • Prosecution of Brasserie Sixty6 for the sending of unsolicited direct marketing text messages 
  • Disclosure of personal information by an airline due to inappropriate security measures

Note:  The Annual Report is available for download in PDF format from the Data Protection Commissioner's website:    www.dataprotection.ie

Media Queries to:   Diarmuid Hallinan
Telephone              (057) 868 4800
Fax                        (057) 868 4757
Email                     dphallinan@dataprotection.ie
Website                 www.dataprotection.ie