In his organisation’s latest annual report, the Data Protection Commissioner of Ireland Joe Meade has hit out at ComReg for failing to put in place the phone opt-out register to prevent unsolicited marketing phone calls. It is understood that ComReg has responded by promising such a database will be in place by July.
In a wide-ranging report that took in a variety of intrusions on individuals’ privacy ranging from spam to unsolicited phone marketing activities, Meade revealed that the number of formal complaints concluded by the Data Protection Commission in 2004 was 366, while 385 new complaints were received (258 in 2003).
The increased number of enquiries with his Office was in the region of 15,000 while its website, www.dataprotection.ie, recorded many hits during the year. The most common specific queries related to general information; the right to access personal data; the credit reference system; direct marketing and medical matters. The Commissioner noted that the complexity of enquiries was increasing.
Complaints mainly concerned direct marketing (42pc) of which 34pc were spam related, access rights (27pc), disclosure (16pc), accuracy (5pc), fair obtaining (2pc) and other matters in 8pc. The Commissioner indicated that 26pc of complaints were upheld, 11pc were not upheld, while 63pc were resolved informally.
Hitting out at an emerging “surveillance society” Meade revealed he had been asked by the Department of Transport if speed cameras could be used for detecting car tax and insurance evasion. At present, the law does not allow this and Meade said he was concerned that if speed cameras were used to detect other offences, it “has the potential, if it’s not properly controlled, to be an overall surveillance situation.”
In his findings, Meade said that pivacy and national security are not diametrically opposed, as appropriate and proportionate national security measures are enhanced by realistic and practical data protection policies.
During the year Meade said that enforceement action had to be taken to get legislative clarity for retaining phone records for security and crime purposes. He added that a public service card could become a national identity card and it must be preceded by informed public debate. On a related subject he said that biometric central databases are not required in all circumstances.
On the subject of tenders and firms doing business with the State, Meade said that all proposals at government and business level should be subject to a Privacy Impact Assessment test.
Hitting on a sensitive matter relating to Ireland’s booming housing market Meade argued that local authority councillors need not have access to local authority housing applications.
He also highlighted the fact that many State agencies did not have privacy statements on their websites and said he was disappointed that some of them could still win eGovernment awards in 2005 in the absence of a privacy statement.
On the subject of email spam and the advent of mobile spam, he said that prosecutions were initiated in 2004 to try and curb this menace.
He hit out at ComReg for failing to put in place the phone opt-out register to prevent unwanted marketing phone calls. It is understood that ComReg quickly moved to reveal that it will be make such a database available to the public by July.
In terms of some of the actions by the Data Protection Agency, Meade highlighted the case of a member of a political party inappropriately using that party’s members’ database to seek funds for a charity. In another situation a county councillor was uncooperative in replying to a legitimate complaint about canvassing by emails.
In another case he revealed how Eircom revised procedures so that a partner who was subject to a Barring Order could not get access to the other partner’s phone bills or voice mail.
In terms of employment disputes Meade said that legal professional privilege cannot always be invoked when an employment dispute arises and an employee has a right to see his/her employment related medical data.
In another case references in employment situations should only be sought when permission has been granted.
He highlighted another situation whereby an international recruitment agency disclosed sensitive employment data of a financial institution’s employees to job applicants. Recruitment agencies will be subject to a privacy audit in the future, he warned.
By John Kennedy