Cork City Council has reported a data breach to the Data Protection Commissioner (DPC) after a councillor claimed that parking offence warning letters were found outside City Hall.
The batch of 21 final warning letters, all dated April 4, 2019, relate to outstanding fixed charge penalty notices and contain the names, addresses and car registration numbers of several motorists, and the alleged parking offences.
Fianna Fáil Cllr Ken O’Flynn says the documents were handed to him by a member of the public who claims to have found them on the Anglesea Street side of City Hall recently.
While the council has launched an extensive internal investigation to establish what occurred, the risk to those whose personal data is involved has been described as “low-level”.
The warning letters are linked to alleged parking offences ranging from failure to display a valid parking disc, failure to register a valid park by phone parking payment, unlawful parking in a loading bay, and parking on double yellow lines.
It advises motorists that they have been issued with a fixed charge penalty notice in respect of an alleged parking offence, and have until Wednesday, April 17, to pay the fine.
The motorists are warned that if they fail to make the payment by the deadline, legal proceedings will be initiated against them which may result in a criminal conviction, a fine on conviction of up to €1,000 and “associated legal costs”.
They go on to set out various payment options, including online, an automated phone payment system, by cash, cheque or postal order.
The letters are all printed on the reverse side of official headed council paper, leading to speculation that they may have been set aside when the printing mistake was discovered.
Mr O’Flynn said he emailed the council’s chief executive, Ann Doherty, asking her to explain what he described as a “major data breach”. He has also contacted the office of the DPC, which said it would contact the city council about the matter.
In his email to Ms Doherty, Mr O’Flynn said: “I am appalled and incensed that documentation of such a highly sensitive nature could be discarded in a public place by or on behalf of Cork City Council.
At a time when all elected members are subjected to such rigorous GDPR constraints, I find it alarming in the extreme that the executive of Cork City Council could allow this situation to occur and I would request that you make an immediate statement to elected members on the matter at the next council meeting.
The council confirmed that it has reported a data breach to the DPC and has contacted Mr O’Flynn requesting further details and copies of the documents so that a full investigation could be undertaken. It has also requested return of the records.