The Data Protection Commissioner published his Annual Report 2010 on 30 May 2011.
- Increase of Statutory Powers
The report discusses the Commissioner’s use of his statutory powers to deal with complaints from individuals about denial of their data protection rights. It notes that those powers will be strengthened with expected changes to domestic and EU law
- Insurance Link Database
The report notes that a detailed investigation of data sharing in the Insurance sector through the database Insurance Link, a shared claims database which allows member organisations to share and cross-reference their insurance claims data, found that use of and access to the database, was not in compliance with data protection legislation. The investigation identified a number of issues including a major lack of transparency as well as the inappropriate accessing of the database by huge numbers of individuals with no supervision of that access
- Breaches & Code of Practice
The Commissioner also reports on his publication of the Data Security Breach Code of Practice. The code focuses on informing those affected by security breaches thereby allowing them to take appropriate measures to protect themselves. The report notes that the number of data security breach incidents reported in 2010 increased by 350% on the previous year as a result of the more exacting demands of the code
- Data Sharing in the Public Sector
The extent and proportionality of data sharing in the public sector was noted as a source of concern. The Commissioner has published a set of guidelines to aid public sector agencies that wish to share personal data in the public interest. Transparency and proportionality are the guiding principles of the guidelines which state: the sharing should be explicitly provided for by law; the public sector customer should know what personal data may be shared; the extent of sharing should be limited to what is necessary to achieve the public interest objective; and the data should be subject to a high level of security and be securely destroyed when no longer needed
- Privacy Audits
The report notes a number of concerns arising from privacy audits carried out in 2010. Those audited included financial institutions, schools, pharmacies and charities. The concerns include the use of CCTV systems in schools and workplaces without sufficient justification and the collection and retention of PPS Numbers by charities for indefinite periods of time. In relation to the use of biometrics to record attendance in workplaces and schools, amongst other things, the Report notes numerous complaints. In relation to one particular audit, it was found that the inability of employees to opt out of such monitoring along with an absence of information on how the data would be used constituted a breach of the data protection legislation
Contributed by Leo Moore.
Back to Legal News