The Data Protection Commissioner has highlighted the increased function and activity of the Office of the Data Protection Commissioner (ODPC) in his Annual Report for 2012. The Report emphasised the ever-growing significance of data protection law not only for public and private bodies, but for individuals alike.
The above trend is likely to continue with the future revision of data protection law at EU level, which is expected to occur within the coming 12-18 months.
A primary theme of the Report is the issue of sharing personal data in the public sector. Whilst the Data Protection Commissioner recognised the benefits of such sharing, he advised that care must be taken in the treatment of personal data of individuals. The need to ensure that personal data was not accessed or used without good reason was specifically highlighted.
The ODPC opened 1,349 complaints for investigation in 2012 exceeding the previous year’s record high number. Approximately one third of the complaints related to difficulties of individuals in accessing their personal data.
45% of the total complaints related to unsolicited direct marketing in the form of text messages, calls, email and fax from large and small companies. This is attributed in part to the fact that many businesses are unaware of the law relating to subscriber consent and the requirement to provide an opt-out option.
The Data Protection Commissioner also carried out 40 audits in 2012, including the commencement of an audit of An Garda Síochána and a follow-up audit of Facebook Ireland relating to their initial audit in 2011. The follow-up audit with Facebook Ireland found the company has been implementing the recommendations from the Office to a satisfactory standard.
The Report includes a number of case studies which are of instructive value to data controllers and processors alike, including a ruling of the High Court requiring Dublin Bus to provide a copy of its CCTV footage following a request from an individual under the right of access, notwithstanding the fact that there were parallel legal proceedings ongoing.
The increased function and demands on the resources of the ODPC, and the Government response in providing additional funding and staff are indicators of the increased importance of data protection compliance by public and private bodies. It is evident from the Report that the vital role of the ODPC continues to expand in line with levels of awareness of data protection law obligations of businesses.