The body charged with protecting data protection rights has expressed concern that State bodies may be using “draconian powers” in order to access individuals' personal information for measures such as clamping down on welfare fraud.
Data Protection Commissioner Billy Hawkes said today he had a “particular concern” at the balance currently being struck by the State in relation to the use of personal data in this area.
Publishing his annual report for 2009, Mr Hawkes said there had been cases where information was being sought by the Department of Social and Family Affairs from other departments to which it had been provided for a “totally different reason”.
“In the area of fraud, we quite understand the importance, particularly in the current severe budgetary situation, for the State to take action to prevent it being defrauded in the area of social welfare and elsewhere,” Mr Hawkes said.
“It’s important that there be proper investigation to clamp down on such fraud. But we have been concerned about, for example, a provision that was inserted in social welfare legislation at the end of last year which gives the Department, as it were, carte blanche to access bank accounts in pursuit of where they suspect there might be welfare fraud.”
Mr Hawkes said his office had engaged with the department and was satisfied it would agree a code of practice with which would “limit” the cases where that happens.
“But we have seen other cases where in pursuit of the fraud agenda, information is being sought from other parts of the State in relation to information which individuals would have provided for a totally different reason to the State, for example to obtain a licence or something entirely unrelated.”
He said there had been instances were, for example, legislation had placed before the Oireachtas, “which in the interests of clamping down on crime and social welfare fraud, gives very draconian powers to the State to interfere with people’s personal data”.
“We have also seen this in the practice of the State, in relation to how it for example pursues social welfare fraud. We fully understand the importance, particularly in the current economic circumstances, of the State taking effective action in this area.
“But our job is to say that there must be a proper balance in this area and we are concerned that this balance may not be struck properly at present. All we can do is alert people that this may be the case. The ultimate responsibility lies with the political system to strike a balance on our behalf.”
The commissioner carried out a detailed audit of the Department of Social and Family Affairs in 2008 following a number of high-profile cases where personal data was accessed by staff who did not have need to access it.
Mr Hawkes said today he felt the audit was justified because the department holds “huge amounts of information on all of us and it’s very important that data protection principles are fully respected”.
He said more needed to be done to get the balance right both in the Department of Social and Family Affairs and in other organs of the State.
Mr Hawkes also noted the Bill currently before the Oireachtas which will allow gardaí to keep an individual’s DNA information on file even if they have not been convicted of an offence.
“DNA obviously can be highly useful in securing convictions and it is a very important tool for the Garda Síochána, which is to be welcomed. However, there is concern that, for example, where an individual is not found guilty of an offence, the Bill that is currently before the Oireachtas provides the DNA sample and the DNA information can be held for quite a long time without the individual’s consent. You have to ask, why should an innocent individual have to suffer that penalty?”
Last year, the office opened 914 complaints for investigation.
Mr Hawkes said the slight decrease on the 2008 figure could be accounted for in some respects by the “almost halving” over the last two years in complaints about unsolicited direct marketing text messages, phone calls, fax messages and emails.
This was attributable in part to a series of prosecutions by his office against a number of companies operating in the premium rate text messaging sector.
Successful prosecutions in 2009 included four companies operating in the premium rate text messaging sector, a restaurant and a gym. In all cases it was for repeat offences.
Some 119 data security breach incidents were reported to the office in 2009, a 47 per cent increase on the number of reports received in the previous 12 months (there were 81 reports in 2008).
The high-profile breaches included the theft of a laptop containing the details of up to 90,000 Bord Gáis customers, and also the theft of an unencrypted laptop containing personal patient data from the HSE West office in Roscommon.
One complaint detailed in the report involves the disclosure by a major Irish-based airline of a man's travel itinerary, and that of his wife, to his employer, at the employer's request.
The details were subsequently used to dismiss the man from his job. The commissioner found the airline had breached the law in disclosing the information and in failing to prevent unauthorised disclosure of the information.