THERE WERE A record number of complaints sent to the Office of the Data Protection Commissioner in 2016.
Some 1,479 complaints were sent to the office last year, up from 932 in 2015. Just over half of these complaints (56%) were about access.
The regulator received 26 ‘right to be forgotten’ complaints, with six upheld, 15 rejected and five currently still under investigation.
In its annual report for 2016, the office notes: “While the majority of complaints continued to be amicably resolved, we issued a record number of formal decisions, with 59 in total, compared to 52 in 2015. 1,438 complaints were concluded in 2016, up from 1,015 in 2015.”
Over 2,200 valid data security breaches were recorded last year, a decrease from some 2,300 notifications reported in 2015.
Private investigators
2016 was the first full year of operation of the office’s Special Investigations Unit.
The office noted that the ongoing investigation into the private investigator (PI) sector “remained a central focus, leading to two successful prosecutions”.
One of the case studies highlighted in the report is that of PI James Cowley, who was charged with 61 counts of breaches of the Data Protection Acts 1988 and 2003 for “obtaining access to personal data without the prior authority of the data controller by whom the data is kept and disclosing the data to another person”.
The report states: “The personal data was kept by the Department of Social Protection. The personal data was disclosed to entities in the insurance sector – the State Claims Agency, Zurich Plc and Allianz Plc.
On 13 June 2016, at Dublin Metropolitan District Court, James Cowley pleaded guilty to 13 sample charges. He was convicted on the first four charges and the court imposed a fine of €1,000 in respect of each of these four charges. The remaining nine charges were taken into consideration in the sentence imposed.
“The investigation in this case uncovered access by the defendant to social welfare records held on databases in the Department of Social Protection. To access these records, the defendant used a staff contact who was known to him. Mr Cowley then used the information he had obtained for the purposes of compiling private investigator reports for his clients.
“These activities continued for a number of years up to September 2015, when our investigation team first made contact with him about its concerns in relation to his processing of personal data.
The full report can be read here.
To embed this post, copy the code below on your site
have your say