About 1.5 million European citizens had their personal information exposed and put at risk in a data breach at the Ennis-based company Loyaltybuild. This included, in some cases, financial information.
Tens of thousands of Irish citizens were affected, including customers of SuperValu, Axa, Clerys, Centra, Pigsback and Postbank.
While this is believed to be one of the biggest such breaches affecting a company here to date, it won’t be the last and many firms will be breathing a sigh of relief it wasn’t them – this time. So can we trust companies (or State agencies) with the personal information we hand over for financial transactions, social interaction and communications?
This is not merely a consumer issue, nor is it about the undoubted reputational damage companies suffer when such breaches occur.
Fundamental rights
Basic rights and privacy are the essence of the matter. Citizens are entitled by law to the protection of their privacy and personal data – these are enshrined as fundamental rights in the European Union.
Most citizens will probably carry out hundreds of transactions in a year involving personal data and they often take it on trust they are safe.
But vast repositories of personal information – which, taken in its entirety, may paint a picture of someone’s entire life (including social and family connections, financial status, habits and opinions) – are held by an increasing number of entities.
Personal data is also increasingly shared across the public sector. Audits by Data Protection Commissioner Billy Hawkes of separate systems used by the insurance industry and a State department found widespread abuses of personal data.
After the Loyaltybuild breach, Fianna Fáil called for the intervention of the Financial Regulator, who has no role here.
Personal information
The person who does is the Data Protection Commissioner; Hawkes is already responsible for safeguarding the personal information of millions of European citizens through his oversight of multinationals such as Facebook, Google and Apple.
Tied to a budget of slightly over €1.5 million a year, his staff taught themselves how to take prosecutions (of which there are few enough) because the cost of external legal advice was putting “significant strain” on resources.
What has been referred to as the high-speed train of a new EU regulation is hurtling down the tracks for finalisation next year or in early 2015. Companies will face massive fines. If we don’t get on top of it, personal data could be Ireland’s next big train crash.