DPC Helen Dixon is launching an investigation into an alleged data breach at INM.
Over the past few days, a number of reports have surfaced alleging that journalists working for Independent News & Media (INM) have had emails accessed by an external company.
The alleged removal and ‘interrogation’ of data from INM’s premises that is said to have occurred in October 2014 also included 40,000 emails from former INM chief executive Joe Webb, according to the Irish Independent.
Yesterday (April 3), Irish Data Protection Commissioner (DPC) Helen Dixon said her office would be investigating whether personal data was accessed in the alleged INM breach. At present, Dixon’s office is currently seeking supplementary details from INM following the filing of a breach notification by the media group last week.
The INM 19
A document filed to the High Court in recent days by the Office of the Director of Corporate Enforcement (ODCE) lists 19 ‘persons of interest’, including columnist Brendan O’Connor, investigative journalist Maeve Sheehan and Webb. Barristers linked to the Moriarty Tribunal – which involved INM’s largest shareholder, Denis O’Brien – were also mentioned in the document.
Editor in chief at INM, Stephen Rae, said: “Clearly we have to get to the bottom of what is alleged to have occurred and, as always, identify the actual facts of the case in the first instance and thereafter what lessons can be learned.”
The director of the ODCE, Ian Drennan, is seeking the appointment of High Court inspectors to examine a swathe of corporate governance issues at INM, which is Ireland’s largest media firm.
It is alleged that the 2014 data interrogation was ordered by Leslie Buckley, the chair of the company at the time.
Drennan said: “During the course of the data interrogation, INM’s data appears to have been searched against the names of various individuals, including, amongst others, a number of INM journalists and two senior counsel.”
He also claimed that the board at INM only became aware of the data interrogation in August of last year. While Buckley said the interrogation was a “cost-reduction exercise”, Drennan claimed that some of the results don’t have “any obvious connection” to that particular goal.
Links to O’Brien?
The Sunday Times reported that a firm called Trusted Data Solutions was granted access to the INM information. The Wales-based company was paid for its services by an Isle of Man firm called Blaydon, not INM. The former is an investment company that was linked to O’Brien by The Irish Times.
The National Union of Journalists (NUJ) has welcomed the announcement from the Office of the DPC. NUJ secretary Seamus Dooley told RTÉ News at One yesterday that the allegations were deeply suspicious. “This stinks to high heavens. It’s not an exaggeration to say that this is our Leveson moment.”
A danger to journalistic integrity
Press Ombudsman Peter Feeney appeared on Morning Ireland today (4 April) describing the breach allegations as “deeply disturbing” and something that could endanger the confidentiality that a journalist should rightly be able to guarantee a source.
He explained that whistleblowers may become reluctant to share information if their anonymity is not guaranteed. “If a person has a doubt whether the guarantee of confidentiality means anything, they won’t pass on that information and journalism will suffer.”
According to journalism and data expert Gavin Sheridan, the alleged breach could in fact span much wider than the original 19 people cited in the High Court documents.
So the "headline" is not 19 people. That was just the Advanced Query Syntax for Exchange. It's actually nearly 20 years of emails for a large organisation. 1000s of people, many millions of emails.
So arguably one of the largest data breaches in the history of the State
— Gavin Sheridan (@gavinsblog) April 4, 2018
The decision relating to whether inspectors will be appointed to look into the details of the incident will be reached on 16 April.