Three inquiries on alleged Social Protection privacy breaches

Any breach of trust on confidentiality seen as serious misconduct, says department

The Department of Social Protection said it had, over the last number of years, continuously strengthened security and data protection protocols. “Policies and procedures governing the use of systems and data have been developed and communicated to staff. These policies and procedures are under constant review and are updated as appropriate.” File photograph: Getty Images
The Department of Social Protection said it had, over the last number of years, continuously strengthened security and data protection protocols. “Policies and procedures governing the use of systems and data have been developed and communicated to staff. These policies and procedures are under constant review and are updated as appropriate.” File photograph: Getty Images

Three investigations are being carried out into suspected privacy breaches involving Department of Social Protection officials, the department has confirmed.

A private investigator, James Cowley (65), was convicted on Monday of illegally obtaining and then disclosing to a bank and insurance firms personal details he had obtained from a department official.

He was prosecuted by the Data Protection Commissioner following an investigation that commenced last year.

The official who disclosed the information was not prosecuted.

READ SOME MORE

In a statement, the Department of Social Protection said it did not comment on “ongoing investigations”.

It confirmed there were currently three investigations being carried out under the Civil Service Disciplinary Code into suspected breaches of its data protection policy and guidelines and “possible disclosing [of] personal information to a third party”.

It said it had over 7,000 employees and administered “a broad range of systems with over seven million datasets in respect of current and previous customers”.

“Every effort is made to ensure that personal customer data is used solely for business purposes and that it is not compromised in any way.”

The department said it had, over the last number of years, continuously strengthened security and data protection protocols.

“Policies and procedures governing the use of systems and data have been developed and communicated to staff. These policies and procedures are under constant review and are updated as appropriate.”

Penalties applicable

Staff members were also regularly reminded of their obligations under data protection and security policies and of the penalties applicable in respect of any breach of these policies.

“Any breach of trust with regard to the confidentiality of information is treated as serious misconduct under the disciplinary code, the sanction for which may be dismissal,” the department said.

“In order to preserve public confidence in the operations of the department, there has been, and will continue to be, considerable focus on the issue of data confidentiality.”

It had committed to an ongoing data protection staff awareness programme, which included training and support initiatives. The department also said it fully co-operates with the Data Protection Commissioner in the investigation of any suspected data breach.

In 2014, two Wicklow-based private investigators were convicted of using deceptive, so-called “blagging” practices to obtain people’s personal information from the department.

A case is also before the High Court in which a man claims his rights were breached after an official in the Department of Social Protection gave unauthorised access to his private and confidential files to an investigator acting on behalf of AIB.