Celebrity's file accessed 80 times on Garda database 'out of curiosity'

Billy Hawkes said the celebrities – who were recorded as witnesses or victims of crimes on the logs – were not told about the data breaches as the records were reviewed “out of curiosity” and no damage was caused.

The checks were discovered during an ad-hoc, on the spot inspection of Pulse, which began last year before a new directive was issued by Garda Commissioner Martin Callinan in December.

“It was at the minor end, but obviously it should not happen,” Mr Hawkes added.

The Data Protection Commissioner said a record 1,349 complaints were lodged with his office last year, with almost half taken under privacy in electronics regulations.

Some 200 cases were taken to court against 11 firms and audits were carried out in 40 organisations, including the Department of Social Protection’s database.

“The audit highlights significant failings in public bodies with unauthorised access to sensitive data taken place on a worrying scale,” Mr Hawkes said.

“The same issue is arising in our audit of An Garda Siochana pulse system.

“People have a right to be assured that their personal data is treated with respect by public bodies, especially as we generally do not have a choice about handing over our data to such bodies.”

A litany of failings were uncovered during the audit of the department’s Infosys database, a system used by a range of external third party government agencies and bodies which holds 7.7 million client records, including:

* A civil servant in the department allegedly accessed social welfare records for private investigators for a number of insurance companies. The three firms were prosecuted while the criminal garda probe continues.

* HSE employees searched social welfare records of their own spouses, sons, daughters and in one case their son’s girlfriend.

* One worker with the CSO obtained addresses to send mass cards following a family bereavement.

* One HSE employee did a series of checks in December 2012 for addresses for Christmas cards.

* An inspector at the National Employment Rights Authority looked up the date of births of two female colleagues.

“The most striking outcome if the investigation was the number of incidents of inappropriate access identified during the course of the investigation,” the report added.

“Explanations eventually obtained by the investigations team for inappropriate views by users of Infosys ranged from the bizarre to the banal, from the posting of Christmas cards and mass cards to the reason of nothing but pure curiosity.”

Elsewhere the number of data security breach notifications in 2012 increased to 1,666.

The first prosecution was also taken under updated security and breach notification requirements for telecommunication companies against eircom (trading as eMobile) and Meteor following the theft of two unencrypted laptops containing personal data of over 10,000 customers.