SHARING of data by government agencies should be regulated by specific legislation that strikes a balance between public interest and personal privacy, according to the 1995 annual report of the Data Protection Commissioner.
Mr Fergus Glavey said the extended use of the Revenue and Social Insurance number in the interests of data-sharing and matching was "the single greatest challenge facing data-protection," and highlighted the need for legislative control.
His report, the eighth since the office was established in 1989 to monitor the use of computerised data on members of the public, said moves towards the State becoming a "single data-controller" represented "a fundamental change in the distribution of power in society which, in a democracy, requires new checks and balances".
This growing trend required decisions consciously taken through the democratic process following appropriate discussion, and a solution should be "not merely an outcome of administrative change".
The commissioner called for a legal framework such as the datamatching legislation of Australia and New Zealand: "Ad-hoc arrangements, whether supported by minor amendments to existing legislation or not, are in my view an inadequate response to the real issues.
The report showed an increase in the number of complaints reaching his office, from 24 in 1994 to 37 last year. The most frequent concerned difficulties for members of the public in gaining access to personal data relating to them and held on computer.
The commissioner blamed many of the complaints on poor communication, lack of procedures and "a casual approach to dealing with what is essentially a legal obligation" on the part of data-controllers.
His office received a total of 1,300 queries during the year, about 900 of which were from members of the public. The rest were from registered data-controllers seeking clarification of their legal obligations.
Mr Glavey reported widespread surprise and disappointment on the part of many who queried his office that legislation applies only to computer data and offers no protection of manually recorded information.
A second misconception, he said, was that his office "has access to some enormous database which brings together all computer records relating to an individual. Fortunately, this is not the case.
The report acknowledged that data-protection in Ireland was strongly influenced by international developments and that last year's EU directive on the subject was likely to be the "single greatest influence" on the development of data-protection law in Europe for many years to come.
The key messages in the directive, Mr Glavey said, were that privacy was a core human value, that data-users must conform to basic rules when handling information about people, and that individuals had rights concerning that information.
EU member-states have until October 1998 to transpose the directive into law.
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/d408b07e-0ff8-4a26-8878-74aec64dccc4.png)