The data commissioner has said his office needs more resources as staff are “stretched beyond the limit”, with 1,161 complaints opened for investigation last year alone.
The record number of complaints is matched by the growing scope of the investigations carried out by the Office of the Data Commissioner involving global companies such as Google and Facebook.
There was also a record number of data breach notifications — 1,167 last year, a rise of about 300% on 2010.
Launching his office’s annual report yesterday, Data Commissioner Billy Hawkes said: “Our resources are now stretched to beyond the limit.”
Mr Hawkes said he had told the Government of the need to boost staff numbers in his office, due in particular to the increase in work as a result of the IDA attracting large multinational firms to this country — often with implications for data protection.
“There has been a tendency to underestimate the resource requirements of our office,” said Mr Hawkes, adding that a sharp reduction in staff numbers three years ago had never been compensated for.
In the foreword to the report, he said his office will take on greater responsibility over multinationals which choose Ireland as an EU base and that “failure to adequately discharge this responsibility will carry significant reputational risks for the country”.
According to the annual report:
* Complaints concerning access rights accounted for nearly half of the total complaints received by the data commissioner last year;
* Most complaints were resolved “amicably” and without the need for a formal decision;
* Serious data security breaches included inappropriate disposal of patient records by the HSE, dumped in a litter bin outside Roscommon General Hospital;
* Of the 1,167 data breach notifications, 870 were in postal mailing and usually through human error;
* Other breaches included theft of IT equipment, website security, and email improprieties;
* One unnamed political party was warned over sending unsolicited text messages during the general election campaign that fell foul of marketing laws;
* Financial institutions were also probed over restricting access to credit assessments;
Vodafone, UPC, Eircom, O2, and Regine were prosecuted for marketing offences;
* The Swan Leisure Centre in Dublin was found guilty of excessive data collection, while Westwood Swimming Ltd, Dublin, made unlawful use of CCTV to monitor an employee. A veterinary practice disclosed a dog owner’s personal data.
The commissioner’s office also undertook 28 audits last year, including an audit of Facebook. A follow-up review will take place in July. Mr Hawkes said the company had accepted it was subject to Irish laws on privacy and data protection.
While Mr Hawkes said he was satisfied with the response from Facebook and many state agencies to calls to increase data protection, Deputy Commissioner Gary Davis said nobody should think themselves immune to being targeted, particularly from cyberattacks on websites which, if successful, could yield details that should be kept secure.
© Irish Examiner Ltd. All rights reserved