Cookies on Pinsent Masons website

This website uses cookies to allow us to see how the site is used. The cookies cannot identify you. If you continue to use this site we will assume that you are happy with this

If you want to use the sites without cookies or would like to know more, you can do that here.

Irish privacy watchdog highlights concerns over public sector data sharing

Ireland's data protection watchdog has outlined concerns over the governance of data sharing practices in the country's public sector.22 May 2013

Billy Hawkes, Ireland's Data Protection Commissioner, said that there had been a "disturbing failure of governance" in relation to access to a social welfare database administered by the Department of Social Protection.

In 2012 three insurance companies were each found to have breached Irish data protection laws by failing to notify the Office of the Irish Data Protection Commissioner (ODPC) that they were processing 'social welfare data'. The ODPC said that it had discovered that Zurich Insurance, FBD Insurance and Travelers Insurance Company each held social welfare data that matched information stored on the Department of Social Protection's systems, which were not publically accessible.

An investigation has been undertaken into the role of private investigators in the breach whilst an employee at the Department of Social Protection is currently subject to a criminal investigation regarding their alleged accessing of the social welfare data and their passing on of the information to private investigators.

The ODPC said that a "significant number" of the insurance firms' customers "had information such as employment histories, claims data and PPS numbers illegally obtained".

Following the case, the ODPC decided to audit a number of council authorities and health bodies in relation to their accessing of the Department of Social Protection's social welfare database, known as Infosys. Hawkes said the "failures" identified need to be addressed "on a public-service-wide basis" before further data sharing arrangements are established.

Infosys is a portal that allows government departments and external agencies access to information about the benefits and allowances members of the public are provided with from the Department of Social Protection.

An audit conducted by the ODPC uncovered that the records had been inappropriately accessed by Irish civil servants, according to the watchdog's annual report. (127-page / 644KB PDF)

"A worrying degree of inappropriate access to Infosys by state employees was detected as a result of the investigation," the report said. "Some of this misuse was uncovered through internal investigations initiated by the agencies themselves. In other cases, inappropriate access was identified during the course of our examination of the access logs and subsequent engagements with these entities including physical on-site inspections."

The ODPC said that "the actions of a number of authorised users" from across the bodies granted access to Infosys had amounted to a breach of data protection laws.

The ODPC said that agencies with access to the Infosys database should maintain a register of all data disclosure requests and that staff should face "severe disciplinary penalties" for accessing data outside of security protocols.

"Proportionality is the key," Hawkes said in his annual report. "Data sharing in the public sector should have a clear basis in law; be clear to individuals that their data may be shared and for what purpose; have a clear justification for individual data sharing arrangements, with minimum data shared to achieve the stated public service objective; strict access and security controls; and secure disposal of shared data."

Join My Out-Law

  • See only the content that matters to you
  • Tailor Out-Law to your exact needs
  • Save the most useful content for later reading
  • Tailor our weekly eNewsletter to your interests

Join My Out-Law

Already signed up to My Out-Law? Sign in

Expertise in Confidential Information

Ideas, techniques and know-how can lie at the heart of a business. Pinsent Masons' international intellectual property team is dedicated to helping you to protect those intangible valuables that help you to stand out from your competitors.

More about Confidential Information