The Data Protection Commissioner is likely to start the investigation into the alleged data breach at Independent News and Media within the coming weeks, as she dismissed any potential conflict of interest in attending an event organised by the company yesterday.

Data Protection Commissioner (DPC) Helen Dixon said there were “no issues whatsoever” in attending the Data Sec 2018 conference at the RDS in Dublin, which was focussed on the new EU General Data Protection Regulation (GDPR) which comes into effect on May 25.

It is understood her office will begin its probe into the alleged data breach at INM in the coming weeks, while Ms Dixon said she had accepted the invitation a number of months ago.

Afterwards, the head of communications at the Office of the Data Protection Commissioner said: “It’s an event with a general audience focussed on GDPR and the DPC will participate in line with the programme of events it has committed to in order to build GDPR awareness and preparedness.

“The focus of the DPC keynote address and those of DPC panellists that participate will be around actions necessary to prepare for GDPR. While it is intended the DPC will use examples of previous breaches or case studies to illustrate certain points more effectively, it is never the case the DPC would give details on an open matter such as this.

The DPC is not being paid or in any way compensated by INM for participation and contribution — the DPC accepted the invite to contribute based on the fact that the conference presents a vehicle to deliver our message to a large audience.

On the INM issue, the spokesman said “significant additional detail” was available to the Data Protection Commissioner to facilitate a “targeted investigation”.

“In August 2017, the DPC received a notification from INM under the terms of the Personal Data Security Breach Code of Practice regarding a possible data breach,” he said. 

“Mandatory notification of breaches is not required under current EU data protection law. It will become law from May 25, 2018 to notify a breach to a data protection authority where a breach of personal data poses risks to individuals.

“The notification received in August 2017 was targeted towards an issue of off-site and on-site processing of INM data by third party data processors without a written contract in place [as required under 2C of the Irish Data Protection Acts]. 

"The notification did not at that time identify any risks to data subjects arising from what was presented as a technical issue of processing without contract. 

It should be noted that it is an everyday legitimate activity for many companies to use third party cloud providers and processors and given the EU data free-flows guaranteed under EU data protection law, it is not significant that processing would occur in the UK as opposed to Ireland.

“At this point, given that the entire matter is pending investigation by this office, we are still not in a position to state what the facts of the matter are.

“The notification received from INM on March 26, 2018 now provides significant additional detail which has given rise to a scoping exercise on the part of this office in order to commence a targeted investigation. 

"In the meantime, we have arranged with INM a contact point to which individuals concerned they have been affected can be directed in order to get answers.”


NAYA, a female wolf, arrived in Belgium in January last year.Naya’s ‘death’ leaves August a lone wolf

Adrian went to Scoil Oilibheir, Dublin Hill, for primary school and then on to St Finbarr’s College, Farranferris, for secondary school.School Daze with Adrian Russell: I was a good sport in class

Colm Murphy, of a renowned Cork arts family, used to travel the world as bodhrán player with Dé Dannan, but these days he’s happiest fishing and observing bird life, writes Ellie O’Byrne.Art of Affection: Colm Murphy on his love of painting

Antonia Smyth is wedding co-ordinator at the Bridge House Hotel, Tullamore.You've Been Served: Antonia Smyth, Bridge House Hotel

More From The Irish Examiner