LIBRARY RECORDS OF 20 people living in north Dublin were altered to add in information of a “highly inappropriate, sexually explicit nature”, the Data Protection Commissioner (DPC) has found.
The details of the audit of a new system in Malahide Library, Dublin are outlined in the DPC’s latest annual report, published today.
Audits of Irish Prison Service prisoner management centres, BT Ireland, Virgin Media, Three, and the Child and Family Agency Tusla are also included in the report.
The annual report says the DPC singled out the new library management system, Sierra, for further examination once the system was live across the majority of libraries across Ireland. Malahide Library was subsequently selected for audit.
During the course of this engagement, the DPC outlined potential issues surrounding consent and inappropriate access to records. It told the library that access controls and trigger mechanisms would need to be included in the final version of the system.
Shortly before the August 2017 audit of Malahide Library, Fingal County Council contacted the DPC informing it of a recent incident where a library staff member based in another local authority inadvertently came across the borrower record of a library borrower in Fingal which contained data entries of a highly inappropriate, sexually explicit nature.
Fingal County Council then established that the records of 20 Fingal library borrowers had been edited in this manner and these records had, in fact, been imported from the previous library management system Galaxy onto Sierra.
The DPC noted that there was no way of tracing the borrower records on either the Galaxy or Sierra systems to help identify the source of the edits. It said that staff in each library were using generic logins to access the systems.
The Commissioner’s office then instructed the library’s unit of the LGMA to implement audit trails “as a matter of priority” and to create individual login usernames and passwords.
It also noted that a function should be built into Sierra where staff are automatically prompted to change their passwords on a regular basis.
Overall complaints
The annual report revealed that the DPC received 2,642 complaints in 2017, rising 79% since 2016 figure of 1,479.
The largest single category was Access Rights, which made up 1,372 complaints (52%) of the total.
2,594 complaints were concluded in 2017, compared to 1,438 in 2016.
A total of 2,795 valid security breaches were recorded in 2017. This represents an increase of 26% (571) on the numbers reported in 2016.
To embed this post, copy the code below on your site
have your say