Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Maurice McCabe. Laura Hutton
Copy and Paste

'Admin error' that led to McCabe allegations was not reported as HSE data protection breach

Documents released under an FOI show that the incident wasn’t listed among 103 data protection breaches reported between April 2014 and April 2015.

THE ‘ADMINISTRATIVE ERROR’ that led to false sex-abuse allegations against Garda whistleblower Sergeant Maurice McCabe was not reported as a data protection breach, as required by protocol.

The Health Service Executive (HSE) claimed last weekend that the error had been brought to the attention of its Regional Manager for Data Protection and Consumer Affairs when it was discovered in May 2014.

However, records released under the Freedom of Information Act reveal that the incident was not listed among 103 data-protection breaches reported within the agency between April 2014 and April 2015.

These breaches included cases of medical notes being sent to the wrong patients, a Tusla report being attached to an information booklet and posted by mistake, and a patient’s chart being left on a garden wall.

But the incident in which a ‘copy-and-paste’ error resulted in false accusations of sexual abuse against Sergeant McCabe being held on file and shared with other agencies is not recorded on the HSE’s data-breach log.

Data protection laws place an obligation on organisations to ensure that personal information contained in their records is “accurate and, where necessary, kept up to date”.

The Data Protection Commissioner has held that this obligation is heightened in the case of data that “has potential to reflect on an individual’s personal character in a profound manner”.

HSE Data Protection Breach Management Policy requires all relevant incidents to be reported to Consumer Affairs or the ICT Directorate, and for an incident report to be completed by staff.

The local consumer affairs officer subsequently decides whether it is necessary to report suspected breaches to the Office of the Data Protection Commissioner.

Sensitive information

A record of all such incidents between April 2014 and April 2015 contains details of 103 suspected breaches, including a case in which patient files were discovered by a member of the public in the drawer of a filing cabinet in a second-hand furniture shop.

In another case, a diary containing sensitive client information was misplaced by a community services worker in Sligo, but was later found on the roof of her car.

The HSE has stated that a counsellor working with the National Counselling Service made the ‘administrative error’ in 2013 involving a file that was shared with Tusla, the child and family agency, and An Garda Síochána.

They discovered the mistake on 7 May 2014 and alerted both of the other agencies, issuing them with a corrected report. The error has given rise to a major political controversy.

The HSE declined to comment on the FOI.

Yesterday, it was confirmed that a tribunal will take place to look into the allegations of a smear against Maurice McCabe.

Read:  Tusla to appear before Dáil committee next week as McCabe controversy rumbles on>

Read: Tusla ‘in the process of apologising’ to McCabe over false sex abuse allegation>

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Author
Darragh McDonagh
Your Voice
Readers Comments
52
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.