Security breaches and access requests were among the Data Protection Commissioner’s key concerns in his recently published annual report. The report highlighted a number of trends in what was an eventful year for data protection in Ireland.
1,577 data security breaches were notified to the Office of the Data Protection Commissioner (ODPC) last year, including the largest it has ever dealt with; the hacking of customer databases of Loyaltybuild. The report noted the beginning of a trend of notifications regarding staff moving jobs and taking client data to their new employer. The report also highlighted a number of breach notifications that involved data subjects from other countries.
More than half of all complaints (517 of 910 opened in 2013) made to the ODPC last year were from people who experienced difficulty gaining access to personal data held by organisations. This represents a record high. The Commissioner noted that many such complaints might have been avoided with better customer service as often shortcomings in the handling of customer service complaints is the driving force behind formal access requests.
Other major concerns of the Commissioner related to state organisations and Ireland’s upcoming new postcode system. The report outlined that action is needed to tackle deficiencies in how state organisations protect personal data of citizens, with audits often showing a lack of regard by senior management for personal data. The report also noted that, through the use of modern technology, a public postcode database has the potential for the ready identification of sensitive information about individuals.
The annual report gives insight into the continued enforcement work being carried out by the ODPC and the steps that organisations need to take to ensure compliance in this increasingly high profile area. It highlights the need for protection of data from security breaches and the potential exposure of employers to data retention by former employees.