Monday, 20 May 2013

Irish Data Protection Commissioner - Annual Report 2012

The Irish Data Protection Commissioner released his annual report for 2012. It is worth having a quick look through the press release and  report to see what are the current issues. It is especially worth reading the appendix 4 on the INFOSYS system, which gives access to data held within the department of Social Protection's system.

To quote from the press release:
  • "One of the major themes in this year’s report concerns the issue of sharing personal data in the public sector which has featured regularly in previous annual reports from this Office". 
The importance of audit trails is stressed in relation to who accessed data. This is of particular importance in the public sector where you usually don't have a choice as to whether you appear in the database or not. Usually in the private sector, you have some sort of say about the sites that you use.

A number of cases are highlighted where data was accessed inappropriately by users of the INFOSYS system.

In addition, some members of the Police Force are shown to have accessed the PULSE Police system inappropriately to look at information on celebrities.

This matters. 

A few weeks ago, the Irish Independent reported on the powers that the Revenue Commissioners now have. Revenue Commissioners boss Josephine Feehily told a Government committee: 
  • "that tax officials can now trawl through reams of data, including bank accounts and mobile phone numbers, to spot cheats."
This sounds like the kind of stuff that the old East German secret police could only have dreamed of - and it will only get worse. Governance in relation to how public bodies manages personal data is vital. The audits carried out by the Data Protection Commissioner are critical in making sure that there is some sort of proper security in place.
  • How is this data used?
  • Is this data misused and abused?
  • How is the "mobile phone" and "bank account" data made available to the Revenue?
  • Is it deleted when no longer necessary?
  • Who has access to this data?
  • Is there an audit trail of all access?
  • etc.....the list goes on.

One good thing is that the Commissioner says that his office is adequately funded.

Useful links

Social: del.icio.us DiggIt! Reddit Stumble Google Bookmarks Technorati Slashdot

No comments:

Post a Comment