THREE INSURANCE companies have pleaded guilty to illegally using social welfare information on individuals which they obtained through a private investigator.
FBD, Zurich and Travelers Insurance pleaded guilty to 10 sample charges each after they were prosecuted for breaches of the Data Protection Act.
All three offered to make donations of €20,000 to charity.
They will also pay legal costs. Judge Ann Ryan said she would apply the Probation Act if these donations were made to the Capuchin Day Centre for homeless people by March 5th.
The prosecutions followed a complaint from the Department of Social Protection in December 2010 after it noticed an unusual pattern of access to its database by an official, who had also been making phone calls to two specific numbers. Gardaí also opened an investigation, but the insurance companies were not subject to that Garda inquiry.
Dublin District Court heard the companies were all registered with the Data Protection Commissioner to process certain personal information. This did not include social welfare information, which is not publicly available.
The commissioner obtained details of the welfare official’s access to the department’s computer systems for 2010, and was also led to the offices of Kildare-based private investigator Reliance Investigation Services by phone records.
Assistant data protection commissioner Tony Delaney and other officials made an unannounced inspection of the private investigator’s premises on December 9th, 2010, and obtained its client list.
Mr Delaney told the court VAT invoices found on the premises proved to be critical evidence linking the private investigator with the insurance companies.
Information found at the insurance firms, which the department subsequently confirmed was from its records, included individuals’ dates of birth, PPS numbers, addresses, employment history and information on claims made from the department. In a number of cases the files also included information on spouses.
Mr Delaney told prosecuting counsel Remy Farrell SC, instructed by Philip Lee Solicitors for the commissioner, that his office viewed the matter as a “very very serious” data protection breach. He said all three companies had fully co-operated with the inquiry.
The commissioner’s office said afterwards in a statement it was satisfied the companies had substantially improved their systems and were seeking to be fully compliant with data protection law.
It said the outcome sent “the strongest possible message to other companies” in the insurance sector and all sectors that there would be “severe consequences from breaches of the Data Protection Acts”.
Asked to comment, the Department of Social Protection said it takes “a very serious view of breaches of its information security policies and procedures which are subject to the provisions of the Civil Service Disciplinary Code”.
A separate Garda inquiry is taking place into the leaking of the data from the department, the court heard.