On October 6, the Irish Office of the Data Protection Commissioner announced that M.C.K. Rentals Limited and its two directors pleaded guilty to violations of Sections 22 and 29 of Ireland’s Data Protection Acts. According to the Data Protection Commissioner, M.C.K. obtained personal data from the Department of Social Protection and Primary Care Reimbursement Services and provided the data to credit unions without permission.
This is the first time that the Data Protection Commissioner has prosecuted company directors. Section 29 of the Data Protection Acts expressly permits actions against company directors or officers who consent to or negligently allow a violation. Although the two directors were charged with 23 counts of breaches of Section 29, they pleaded guilty to one charge each and were fined € 1,500 each. (M.C.K. pleaded guilty to 5 of 22 counts and was fined € 7,500.)