The surge in security breaches, data access requests, personal liability for directors and the enforcement of website cookies rules are amongst the key data protection trends for Irish businesses to consider for 2014.
A recent survey by the Irish Computer Society (ICS) revealed that over 50% of Irish companies have experienced data breaches. The Data Protection Commissioner (DPC) has also reported that over 1.5 million individuals faced serious security issues with their personal data last year and, coupled with a number of recent high-profile data security breaches, it is likely that the DPC will focus on security practices and procedures during 2014.
Data Access Requests
The DPC has predicted that the denial of rights of access to individuals to personal data will be the top source of complaints to his office this year.
An increased awareness of data access rights amongst individuals and claimant solicitors is likely to drive an increase in data access requests and Irish businesses should be fully prepared to meet their obligations in response to such requests.
The DPC has published updated guidance in relation to website cookies policies. The recent guidance relates to:
- Display of notification on entry to a website
- Content of cookies policies
- Use of third party cookies
Enforcement of the new cookies rules is likely to increase during the course of 2014. Spain’s data protection authority recently became the first in Europe to issue a fine for a breach of EU cookie laws. It fined a business for not providing clear and comprehensive information about tracking programs it used.
Enforcement and Personal Liability for Directors
At a recent public appearance, the DPC highlighted a potential change in enforcement strategy, noting that he will consider using his powers under data protection legislation to hold directors and other managers personally liable where they are responsible for repeated breaches of the data protection rules.
The introduction of a new EU Data Protection Regulation is expected to progress significantly during 2014. The EU’s Justice Commissioner has confirmed that a roadmap has been agreed and that the Data Protection Regulation should be in place in all Member States by 2015 at the latest.