A series of requests under Freedom of Information legislation last year about the Government’s major data-sharing projects led me to wonder just what information might be held in my own file.
The database, operating under a system called the “single customer view” (SCV), is used for storing basic details about a citizen. It also allows for the sharing of those details across departments and public bodies for the provision of services.
A request to the Department of Public Expenditure and Reform (DPER) elicited the response that the Department of Social Protection was in charge of the database.
A follow-up request to that department produced the file in question.
It had all the information I had expected – my name, address, date of birth, mother’s maiden name, place of birth, nationality; details of PRSI payments – but, then, a surprise.
Within a series of tiny-print screenshots were three lines of data containing details of my current car registration and its motor tax expiry date, and the details of the only two previous vehicles registered to me, along with their most recent or current motor tax expiry dates.
Other parties contributing
The file also confirmed the various parties contributing to the single customer view (SCV) system, saying it was maintained by DPER “on behalf of the Department of Social Protection”. It said the other parties contributing were the Department of Agriculture, the Department of Transport (drivers and vehicles), the Revenue Commissioners, and the HSE (for medical card purposes).
The bodies that have “designated officers” who may access the system for “specific business uses” are the Department of Social Protection, the Passport Office, the Private Residential Tenancies Board, the Department of Justice (for processing naturalisation certificates) and the Irish Prison Service.
When asked in a follow-up letter why it had data relating to my car ownership history, the Department of Social Protection said the car registration data was not, in fact, imported or processed within the single customer view system. “As such, they are not used for any purpose within the SCV,” it said.
Information on car registration was received periodically from the Department of Transport as part of a “raw data” file. The information was preserved for a short period of time for technical reasons, such as “data integrity checks”.
Investigation
Following a complaint to the Data Protection Commissioner, an investigation commenced. The Department of Social Protection assured the office that its "front-end" users of the system "never had access" to the data about the car registrations.
It added that once the Department of Social Protection became aware the car ownership data was being transferred by the Department of Transport to DPER, it was asked to stop sending it. The Department of Transport complied with the request.
A “small number” of technical staff in DPER had access to the data and it was retained for a short period before being destroyed. The Department of Transport needed the vehicle data to maintain a complete history of vehicle ownership and to assist with criminal investigations.
But the investigation by the commissioner found the processing of the car registration data by DPER and the Department of Social Protection was “irrelevant and excessive”.
The commissioner said in July it had been informed the practice of the Department of Transport sending “unnecessary data” to DPER for the purposes of maintaining the SCV system “has now ceased . . . confirming that it was not necessary in the first place”.