We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Data Protection

Private investigator gave information from Social Protection Department to insurance companies

Over 1,400 data protection complaints were made in 2016, up from 932 in 2015.

shutterstock_95538487 Shutterstock / Antonov Roman Shutterstock / Antonov Roman / Antonov Roman

THERE WERE A record number of complaints sent to the Office of the Data Protection Commissioner in 2016.

Some 1,479 complaints were sent to the office last year, up from 932 in 2015. Just over half of these complaints (56%) were about access.

data Data Protection Commissioner's Office Data Protection Commissioner's Office

The regulator received 26 ‘right to be forgotten’ complaints, with six upheld, 15 rejected and five currently still under investigation.

In its annual report for 2016, the office notes: “While the majority of complaints continued to be amicably resolved, we issued a record number of formal decisions, with 59 in total, compared to 52 in 2015. 1,438 complaints were concluded in 2016, up from 1,015 in 2015.”

data by yr Data Protection Commissioner's Office Data Protection Commissioner's Office

Over 2,200 valid data security breaches were recorded last year, a decrease from some 2,300 notifications reported in 2015.

Private investigators

2016 was the first full year of operation of the office’s Special Investigations Unit.

The office noted that the ongoing investigation into the private investigator (PI) sector “remained a central focus, leading to two successful prosecutions”.

One of the case studies highlighted in the report is that of PI James Cowley, who was charged with 61 counts of breaches of the Data Protection Acts 1988 and 2003 for “obtaining access to personal data without the prior authority of the data controller by whom the data is kept and disclosing the data to another person”.

The report states: “The personal data was kept by the Department of Social Protection. The personal data was disclosed to entities in the insurance sector – the State Claims Agency, Zurich Plc and Allianz Plc.

On 13 June 2016, at Dublin Metropolitan District Court, James Cowley pleaded guilty to 13 sample charges. He was convicted on the first four charges and the court imposed a fine of €1,000 in respect of each of these four charges. The remaining nine charges were taken into consideration in the sentence imposed.

“The investigation in this case uncovered access by the defendant to social welfare records held on databases in the Department of Social Protection. To access these records, the defendant used a staff contact who was known to him. Mr Cowley then used the information he had obtained for the purposes of compiling private investigator reports for his clients.

“These activities continued for a number of years up to September 2015, when our investigation team first made contact with him about its concerns in relation to his processing of personal data.

The full report can be read here.

Read: Two cases of patient records left on car roofs among 212 HSE data breaches

Read: ‘Ridiculous’: TD slams plan to make politicians stand up for Dáil prayer

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Your Voice
Readers Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.