The Data Protection Commissioner (DPC) is investigating suspicions that this private investigator was sending reports, using this information, to a large number of insurance companies in Ireland, some with a large international presence.
The detective could face prosecution, while the insurance companies, some of which are publicly-quoted, also run the risk of being dragged through the criminal courts. In both cases, the DPC would be the prosecuting authority.
Gardaí will decide whether or not to recommend prosecution against the civil servant, who is suspended from duty pending the various investigations.
“We are pursuing it as a priority,” Deputy Data Protection Commissioner Gary Davis told the Irish Examiner yesterday. “This is the single biggest priority of the office, to deal with this. We are shocked by it.”
It is understood that a financial institution will now also be examined by the office as part of the same investigation, although as of yet, the office is not thought to have specific evidence of possible wrong-doing.
The DPC raided the office of the private detective more than a week ago.
The investigators then entered the premises of three blue-chip insurance companies and demanded immediate access to their files.
It is understood they have gathered sufficient evidence to seek prosecutions.
The DPC’s investigation followed an internal probe in the Department of Social Protection.
Managers there discovered that a civil servant was accessing records of people he had no apparent business with.
The department checked these access patterns to his phone logs, which showed contact with a number linked to the private investigator.
A spokeswoman for the department told a Sunday newspaper yesterday that their investigation began after “the detection that a member of its staff may have accessed customer records without having an apparent business reason for so doing”.
Mr Davis praised the department on its monitoring systems and added: “Our investigation is focused on gathering sufficient evidence to bring criminal prosecutions in this area to send the strongest possible message that illegally accessing the personal information of citizens is not acceptable and if discovered will have severe consequences.”
Following a previous, and separate, investigation into the alleged access of personal information by insurance companies from a Social Welfare database, the DPC published in August 2008 a code of practice for the industry on this area.