Employee relations firm reprimanded over GDPR breach after personal info lost in transit
An employee relations firm has been reprimanded by the Data Protection Commissioner after personal information it posted to the Personal Injuries Assessment Board (PIAB) got stolen in transit.
The consultancy firm had been retained by the PIAB, the State body responsible for dictating personal injury claims awards, to carry out an investigation on the board’s behalf in May 2019.
The GDPR breach, which led to the reprimand, resulted from the consultancy firm sending copies, by post, of appendices to its six final reports — containing personal data — to the PIAB in September of that year, despite the board specifically instructing the firm not to do so.
Separately, PIAB — which was cleared by the investigation of any data breaches of its own — took possession of the final reports in hard copy format at the beginning of October 2019.
When asked if it had received both the appendices and the reports, PIAB replied it had the reports and said “we do not require e-appendices or any further documentation to be forwarded to us”.
Nevertheless, the company sent the appendices on a USB key to the injuries board nearly two months later, together with a covering letter.
When the envelope was delivered, the USB key was missing and the envelope had suffered damage.
The consultancy acknowledged to the DPC both that registered post had not been used for the delivery, and that a secure envelope had likewise not been used. Similarly, the files on the USB device were not encrypted.
The company, which was not named in the DPC decision, said the files couldn’t be sent by email as they were too large.
It added it had since “learned more about encryption technology” and had sought to apply that learning to its processes.
The DPC issued a formal reprimand, but said that a fine was not warranted as the “risk of damage to data subjects was low to moderate”.




