The Data Protection Commissioner is likely to start the investigation into the alleged data breach at Independent News and Media within the coming weeks, as she dismissed any potential conflict of interest in attending an event organised by the company yesterday.
Data Protection Commissioner (DPC) Helen Dixon said there were “no issues whatsoever” in attending the Data Sec 2018 conference at the RDS in Dublin, which was focussed on the new EU General Data Protection Regulation (GDPR) which comes into effect on May 25.
It is understood her office will begin its probe into the alleged data breach at INM in the coming weeks, while Ms Dixon said she had accepted the invitation a number of months ago.
Data Protection Commissioner Helen Dixon has denied any conflict of interest in speaking at an INM-organised conference today. “No issues whatsoever”, she said, “it’s just one of a series of events to promote compliance with GDPR [new data rules]” pic.twitter.com/Fu81zDsi7H— Stephen Murphy (@SMurphyTV) April 9, 2018
Afterwards, the head of communications at the Office of the Data Protection Commissioner said: “It’s an event with a general audience focussed on GDPR and the DPC will participate in line with the programme of events it has committed to in order to build GDPR awareness and preparedness.
“The focus of the DPC keynote address and those of DPC panellists that participate will be around actions necessary to prepare for GDPR. While it is intended the DPC will use examples of previous breaches or case studies to illustrate certain points more effectively, it is never the case the DPC would give details on an open matter such as this.
On the INM issue, the spokesman said “significant additional detail” was available to the Data Protection Commissioner to facilitate a “targeted investigation”.
“In August 2017, the DPC received a notification from INM under the terms of the Personal Data Security Breach Code of Practice regarding a possible data breach,” he said.
“Mandatory notification of breaches is not required under current EU data protection law. It will become law from May 25, 2018 to notify a breach to a data protection authority where a breach of personal data poses risks to individuals.
“The notification received in August 2017 was targeted towards an issue of off-site and on-site processing of INM data by third party data processors without a written contract in place [as required under 2C of the Irish Data Protection Acts].
"The notification did not at that time identify any risks to data subjects arising from what was presented as a technical issue of processing without contract.
“At this point, given that the entire matter is pending investigation by this office, we are still not in a position to state what the facts of the matter are.
“The notification received from INM on March 26, 2018 now provides significant additional detail which has given rise to a scoping exercise on the part of this office in order to commence a targeted investigation.
"In the meantime, we have arranged with INM a contact point to which individuals concerned they have been affected can be directed in order to get answers.”
© Irish Examiner Ltd. All rights reserved