A former civil servant has been jailed for receiving corrupt payments in exchange for selling personal data to two private investigators. The case shows the determination of the Office of the Data Protection Commissioner (ODPC) to crackdown on misuse of personal data by private investigators and insurance companies.
Rory Lenihan stood accused of receiving corrupt payments from two private investigators between 2008 and 2010 in exchange for personal data he accessed during the course of his employment with the Department of Employment Affairs and Social Protection. He pleaded guilty to twelve sample charges out of a total of 41 relating to breaches of sections 1(1) and (4) of the Prevention of Corruption Act 2001. He was sentenced to two years imprisonment on each of the twelve counts, to run concurrently with the final year suspended.
The Department sent a formal breach report to the ODPC once it suspected that one of its officials was leaking personal data held on its computer systems. This initial breach report prompted separate investigations by An Garda Síochána and the ODPC into three companies in the insurance sector, who were successfully prosecuted for various offences under the Data Protection Acts in February 2012. The ODPC investigation revealed that evidence on claims files in each of those insurance companies had been supplied by a firm of private investigators, who had in turn been supplied by Mr. Lenihan.
Assistant Commissioner Tony Delaney welcomed the decision, saying:
"This case stands out as one of the most serious data breaches ever uncovered in the State. That a civil servant, who had ready access for the performance of his official duties to the social welfare records of every customer of the Department, abused his position and trawled through those records and passed on personal information from them to private investigators in exchange for corrupt payment is scandalous and appalling."
Mr. Delaney himself has been heading up a long-running probe into the practices of the private investigation sector since these incidents first came to light. Five private investigation entities have been prosecuted since 2014 on charges relating to obtaining personal data from State databases without authority at the behest of third parties in the insurance and financial sectors.