Ireland likely to get disclosure laws on leaked data


IRELAND IS “likely” to have disclosure laws requiring organisations to tell individuals when their personal data has been leaked, according to Data Protection Commissioner Billy Hawkes.

Speaking at the launch of the Irish Computer Society’s (ICS) Privacy Forum this week, Mr Hawkes said: “I think it’s likely that we’re going to see legislation in this area. There’s increasing demand, and we have the example of most of the states in the US.”

He also criticised Ireland’s “draconian” data retention and surveillance laws. “Are we really so under threat from terrorism that we need some of the draconian legislation we’re currently being subject to?”

With security breaches and privacy concerns in the headlines, the ICS felt it was important to launch Ireland’s first forum focusing on data protection and privacy, said Tom Sullivan, professional services manager at ICS.

The forum will offer seminars, workshops and online resources, and encourage computer specialists to become certified on the ICS Data Protection Practitioner course, launched in December.

“We want to make sure people stay current on best practice in data protection,” Mr Sullivan said. “We also feel we have a role to play in getting people more aware about how to protect and manage their personal information.”

He said the ICS could use its administration of the European Computer Driver Licence certification in Ireland to bring more information about data privacy and protection into the coursework.

Some 35,000 Irish residents completed the ECDL last year.

Mr Hawkes noted that there has been “a huge expansion” in the amount of personal data being gathered by companies and government.

While he said that many benefits could come from data gathering and sharing – for example, an improvement in health research and services – there is also “a need for balance”.

He expressed a particular concern about the State’s data gathering, especially for security purposes.

“Ireland, I’m sad to say, has not been a star performer in this area,” he said.

Along with some of the most extreme data retention policies internationally, by which the State mandates that information about phone and mobile calls be retained for several years, he said Ireland “is also gaily rolling out CCTV” (closed circuit television surveillance).

“Are we blundering into a surveillance society where our privacy is restricted?” he asked. Non-Irish residents would already be required to carry identity cards with biometric identifiers, he noted, and it was probably just a matter of time before “it’s extended to the rest of us”.

Mr Hawkes noted that, according to a recent Eurobarometer survey conducted by the EU, Irish people are the most opposed in Europe to using call data for “fighting terrorism”, he said. Nonetheless, Irish business is noticeably indifferent to seeing privacy as a key business issue, according to speaker Michael O’Farrell, senior manager, risk advisory services, Ernst Young.

An Ernst Young security survey noted only 25 per cent of Irish business rated privacy and data protection among their top drivers, he said.

He noted that Irish companies were less proactive in protecting data, with only 25 per cent actively trying to protect data, compared to a worldwide average of 75 per cent of companies.

The persistence of information and the complexity of managing it make personal data a risk that needs to be managed, he said.