The Data Protection Commissioner yesterday published his annual report for 2007. The report is yet another compelling read and shows how our privacy is being gradually eroded in the name of commerce and the fight against serious crime and terrorism. Indeed this is perhaps best reflected in the words of the commissioner himself “Have we not succumbed to terror and submitted to extremism when we lose the liberty to live our lives without constant intrusion by the State in the name of security?”
Since 2006 the number of new complaints registered increased from 659 to 1,037, these are in addition to the 20,000 phone and 4,000 email enquiries received by his office. Within the report the commissioner highlights a number of case studies that make worthwhile reading for us all to ensure we do not make the same mistakes;
- The use made by Baxter Healthcare of two medical reports relating to a former employee;
- The inappropriate use of CCTV footage by the West Wood Club in Sandymount and covert CCTV by the Gresham Hotel in Dublin;
- Suspension of the operations of a cold-call marketing operation by Newtel communications;
- Inappropriate disclosure of employee information by Aer Lingus;
- A very serious case of inappropriate access to personal information held by the Revenue Commissioners;
- The failure to supply a reasonable means for opting-out from email direct marketing by Ryanair.
- Extensive engagement with Eircom following the receipt of a large number of complaints in relation to unwanted marketing telephone calls. This resulted in a €35,000 donation by Eircom to charity to resolve the complaints.
- Excessive information of local residents retained by Croke Park
- Unsolicited email marketing by Tesco arising from technical difficulties
In the report the Data Protection Commissioner also outlines what he see as the top ten threats to privacy. The report also highlights a trend in voluntary breach disclosure which is a positive move. However, further reading shows that eleven, yes a grand total of eleven, organisations notified the Data Protection Commissioner’s office of a breach. That is less than one breach a month which in my opinion is well below the number of actual breaches that are occurring and once again reinforces the need for mandatory breach disclosure laws in Ireland.
Having dealt with the DPC’s office on a number of occasions I have to say that each query has been dealt with in a professional and efficient manner. If your company processes personal data of staff or customers then do not hesitate to seek guidance from the Data Protection Commissioner’s office. Failing that, why not simply head over the the Data Protection Commissioner’s website and have a look at the below video;