Identity Crisis: how safe is your data?

4 Feb 2008

Data leaks and losses in the UK and here in Ireland have highlighted the failure of public bodies to safeguard citizens’ personal data. Brian Skelly looks at the current situation and finds out what is being done to tighten up data security.

The astonishing revelation that the personal records of 25 million citizens had been lost through a procedural error in HM Revenue & Customs last November has catapulted data protection to the top of the political agenda in the UK. It has also put the spotlight on how public information is held within Irish government departments and agencies and prompted the inevitable question: could the same happen here?

The answer, unfortunately, is yes, believes Billy Hawkes, the Data Protection Commissioner, who sees the UK incident as a wake-up call to major holders of personal data in our own public service. He believes the UK incident will be “huge incentive to Irish organisations to get their house in order in the coming year”.

Under data protection legislation, all public and private organisations are legally obliged to protect any personal information they hold. The Data Protection Acts, 1988 and 2003, confer rights on individuals as well as placing responsibilities on those persons processing and holding personal data.

TJ McIntyre, a UCD law lecturer and chairperson of privacy lobby group Digital Rights Ireland, argues that the main worry in relation to data protection is not that there could be some technical or procedural lapse that leads to the accidental disclosure of personal information but the fact that such leaks have almost become the norm within the Irish public sector, where there is “a culture of systemic leaking of private information”, he says.

McIntyre believes such activity has been going on for years but it’s only now, with the advent of electronic audit trails that go with computerisation, that it has increasingly come to light.

The scale of the problem is further highlighted by the growing public unease about how personal information is held by public and private organisations. The Office of the Data Protection Commissioner (ODPC) is based in Portarlington, Co Laois. It has 23 staff and an annual budget of just under €1.5m. In the past two years, the number of complaints made to the Office has more than tripled from 300 in 2005 to 1,000-plus in 2007, while the helpdesk fielded more than 20,000 calls during the past year alone.

Hawkes attributes the rise in complaints to greater public awareness of data protection legislation and the greater assertiveness of citizens. For its part, the ODPC has helped drive the issue up the agenda through an active communications campaign and also by taking strong action against perceived offenders.

This article appears in the latest edition of Knowledge Ireland, the bi-monthly information and strategy magazine, which is in shops now. To read the full version of the story in the digital edition of Knowledge Ireland, go to