LAST WEEK, A member of the public found four pages of a document on the street.
These pages contained personal details of 18 patients at Our Lady of Lourdes Hospital in Drogheda.
Also last week, new data protection legislation was published by the government. Once enacted it will give people the right to seek compensation for breaches of their data protection rights, but only private sector bodies will be liable for huge fines under the laws.
Sinn Féin TD Imelda Munster told TheJournal.ie that this latest example of a data breach for patients in Drogheda – the third such case in recent years – shows that this legislation must look at fines for public sector bodies, also, to punish serious data protection breaches.
On the street
The man who found the documents on the street – which contained names, dates of birth and details of the patients’ conditions and treatments – handed them into local radio station LMFM.
The Data Protection Commission was made aware of the case, and said it was liaising with the hospital on the issue.
Documents released to TheJournal.ie under the Freedom of Information Act last year, showed other examples of data protection issues at the hospital.
Three separate incidents in which sensitive patient documents were lost or found in the vicinity of hospital grounds occurred during February and March 2016 at Our Lady of Lourdes Hospital in Drogheda.
In February, wind scattered documents being carried by a staff member between buildings at the hospital. Two pages of a completed service application form were never recovered.
Later that month, a handwritten note containing a patient’s personal details was found in a waiting room; and in March, a document containing information relating to 13 patients was found “in the vicinity of the hospital grounds”.
Internal documents last year also should that there were 113 data protection breaches involving sensitive information held by the HSE in 2015.
Munster said: “You’d feel violated in many ways. This can very, very personal medical history and conditions left in the street.
There are serious questions to be asked here. We need assurances this won’t happen again.
Launching the new data protection legislation last week, Minister for Justice Charlie Flanagan described it as a “major piece of legislation” that would embed new EU regimes into Irish law.
“In a nutshell, what the general data protection regulation will deliver is stronger rules on data protection,” he said. “People will have more control over their personal data and businesses will benefit from a level playing field.
The new legislation will introduce transparency so that people know what their personal data may be put to… It will no longer be acceptable to direct users to terms and conditions written in legal jargon.
The issue of fining public bodies for these cases was raised by Data Protection Commissioner Helen Dixon last year, at an Oireachtas committee hearing.
She said: “The purpose of the punitive fines provided for in the new law is to act as a deterrent to all types of organisations, and we see no basis upon which public authorities would be excluded.”
Sinn Fein’s Munster raised the issue with Flanagan in the Dáil this week in relation to the new proposed data protection laws.
She asked: “Will the Taoiseach instruct the HSE to meet those patients who are affected and apologise to them? How will the Data Protection Bill address such repeated breaches? Why are public bodies such as the HSE exempt from fines for data breaches? Will this also be addressed in the Bill?”
Flanagan replied that he shared the Louth TD’s concern on the issue and, while he couldn’t comment on anything directly to do with the HSE, he was keen to have the new legislation discussed as soon as possible.
“There are a number of issues involved in the legislation, one of which was mentioned by the deputy, that can be the subject matter of debate,” he said. “I am very keen that we introduce the legislation this week.”
Munster added to TheJournal.ie: “This kind of flippant attitude to people’s data doesn’t protect them. We must be able to put similar scrutiny on public bodies and hold them as accountable with our data.”