Regulator issues enforcement notice on public services card project
Move is likely to be the first salvo in a lengthy legal battle between the Data Protection Commissioner and Regina Doherty’s department
The long-awaited enforcement notice follows a damning investigation into the public services card project in August
The Data Protection Commissioner has issued an enforcement notice on the controversial public services card project to the Department of Social Protection.
The long-awaited notice, which follows a damning investigation into the project completed in August, is likely to be the first salvo in a lengthy legal battle between the regulator and Regina Doherty’s department.
The Department of Social Welfare has 21 days to either appeal the enforcement notice or comply with it. If it does neither, the regulator can prosecute the department over its failure to act.
It is expected the department will appeal the notice to the Circuit Court, which is likely to be the first step in a legal battle that could escalate through the courts system, incurring significant legal bills for both sides.
In the meantime, it is unlikely that the department will comply with any of the demands placed on it by the regulator, which include deleting data based on documentation given to the department by the 3.2 million people who have taken out a public services card.
The enforcement action is understood to seek action on all the charges levelled against the department in August. These were that it must delete the data, that it must stop processing applications for bodies outside the department that are seeking to enrol people in the public services card project, and that it must make wide-ranging changes around the transparency of the project.
Ms Doherty has previously said that her department will not be complying with the findings of the report.
In a brief statement, Graham Doyle, head of communications at the Data Protection Commissioner (DPC) said: “I can confirm that we have this evening issued the enforcement notice to the DEASP”.
The department has strongly criticised the DPC’s findings. In a letter to data protection commissioner Helen Dixon in September, the secretary general of the department suggested that her office may not have “a clear understanding of the import of its own findings” on a key issue, and argues that the report has several “internal inconsistencies”.