#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 8°C Thursday 19 May 2022

'Admin error' that led to McCabe allegations was not reported as HSE data protection breach

Documents released under an FOI show that the incident wasn’t listed among 103 data protection breaches reported between April 2014 and April 2015.

Maurice McCabe.
Maurice McCabe.
Image: Laura Hutton

THE ‘ADMINISTRATIVE ERROR’ that led to false sex-abuse allegations against Garda whistleblower Sergeant Maurice McCabe was not reported as a data protection breach, as required by protocol.

The Health Service Executive (HSE) claimed last weekend that the error had been brought to the attention of its Regional Manager for Data Protection and Consumer Affairs when it was discovered in May 2014.

However, records released under the Freedom of Information Act reveal that the incident was not listed among 103 data-protection breaches reported within the agency between April 2014 and April 2015.

These breaches included cases of medical notes being sent to the wrong patients, a Tusla report being attached to an information booklet and posted by mistake, and a patient’s chart being left on a garden wall.

But the incident in which a ‘copy-and-paste’ error resulted in false accusations of sexual abuse against Sergeant McCabe being held on file and shared with other agencies is not recorded on the HSE’s data-breach log.

Data protection laws place an obligation on organisations to ensure that personal information contained in their records is “accurate and, where necessary, kept up to date”.

The Data Protection Commissioner has held that this obligation is heightened in the case of data that “has potential to reflect on an individual’s personal character in a profound manner”.

HSE Data Protection Breach Management Policy requires all relevant incidents to be reported to Consumer Affairs or the ICT Directorate, and for an incident report to be completed by staff.

The local consumer affairs officer subsequently decides whether it is necessary to report suspected breaches to the Office of the Data Protection Commissioner.

Sensitive information

A record of all such incidents between April 2014 and April 2015 contains details of 103 suspected breaches, including a case in which patient files were discovered by a member of the public in the drawer of a filing cabinet in a second-hand furniture shop.

In another case, a diary containing sensitive client information was misplaced by a community services worker in Sligo, but was later found on the roof of her car.

The HSE has stated that a counsellor working with the National Counselling Service made the ‘administrative error’ in 2013 involving a file that was shared with Tusla, the child and family agency, and An Garda Síochána.

They discovered the mistake on 7 May 2014 and alerted both of the other agencies, issuing them with a corrected report. The error has given rise to a major political controversy.

The HSE declined to comment on the FOI.

Yesterday, it was confirmed that a tribunal will take place to look into the allegations of a smear against Maurice McCabe.

Read:  Tusla to appear before Dáil committee next week as McCabe controversy rumbles on>

Read: Tusla ‘in the process of apologising’ to McCabe over false sex abuse allegation>

About the author:

Darragh McDonagh

Read next: