Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/RTimages
obliging

The HSE divulged salary details of one of their employees to a person 'who asked for them'

There was a nearly 50% jump in data breaches notified to the data protection commissioner Helen Dixon in 2014.

AN EMPLOYEE OF the Health Service Executive had details of his salary given to his ex-wife by his employers after she simply asked for them.

The story has come to light as part of the Irish Data Protection Commissioner (DPC) Helen Dixon’s annual report for 2014.

The HSE worker became aware of the situation when his ex-wife took to him to court in the summer of 2013 regarding maintenance payments and produced exact details from his payslips.

In December 2013 she returned to court and this time produced her ex-husband’s P60 together with four separate payslips.

When questioned on the matter by the commissioner the HSE acknowledged that on two separate occasions their employee’s salary details were released without his consent, although only one of the people responsible for the disclosures was identified.

It seems that the breaches resulted from persistent requests on the part of the ex-wife’s accountants to the HSE regarding payments her former partner was obliged to make following court orders.

The HSE offered a letter of apology to their employee but he chose to reject the offer, instead requesting a formal judgement from the DPC, which was duly made in his favour.

Other cases that the commissioner was obliged to deal with included:

  • Dun Laoghaire Rathdown County Council accidentally disclosing a private email address to third parties in April 2014
  • Eircom failing to meet the statutory timeframe (40 days) for processing an access request in September 2013
  • Private data of a large number of third level students (including email addresses and passwords) being found on third party websites in 2010

dixon2 YouTube YouTube

In introducing the report Dixon, who took over the DPC role from Billy Hawkes last September, said that “data protection is, you will be unsurprised if I tell you, a very fast-moving field”.

2014 saw almost a 43% increase in the number of data breaches notified to the DPC from 1,583 in 2013 to 2,264.

Dixon maintains that her office is in a “stronger-than-ever position to continue, in Ireland and beyond, helping to shape the data-protection environment and ensuring proper compliance with the relevant laws”.

Audits of an Garda Síochána and a number of private investigators were among the official duties performed by the DPC in 2014, while one of the most significant challenges they faced was the controversy surrounding Irish Water and its accumulation of customer’s PPS numbers.

Read: Facebook can recognise you in photos even if it can’t see your face

Read: Parents registering their kids for GP care were shown other people’s details

Your Voice
Readers Comments
15
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.