Text spammers fall foul in DPC report

8 May 2008

The Data Protection Commissioner (DPC) has revealed he is bringing cases against several companies for sending unsolicited text messages to consumers.

The office of the DPC conducted seven raids last year as part of investigations into SMS spamming and over 350 prosecutions are currently before the courts.

The news was announced at the launch of the Commissioner’s Annual Report for 2007 today. Several high-profile organisations were investigated last year for data privacy breaches, including Eircom, Tesco, Sky, Aer Lingus and Ryanair.

The report also showed how an individual at the Revenue Commissioners was able to access sensitive personal information about a citizen. DPC staff said they believe this breach may not have been an isolated incident.

Overall, complaints to the DPC in 2007 which led to subsequent investigations were significantly increased from 2006. Last year, the DPC opened 1,037 new complaint investigations, up from 658 the previous year. According to the report, members of the public made 390 complaints about receiving unwanted marketing messages by text – 38pc of the total.

The Data Protection Commissioner, Billy Hawkes, said this surge in complaints was partly due to the increasing public interest in data protection. He used the launch to re-open the debate about acceptable levels of privacy in Ireland.

“We’re trying to get people to think more about the type of society we’re living in. We are seeing increasing examples of the state passing legislation which seriously encroaches on people’s personal privacy and I think we need to start asking more often, is this actually justified?

“Is there a proper balance being struck between the legitimate case of protecting us all from serious crime and terrorism, and on the other hand, the right we all have to live in our own private space without undue interference from the state?,” Hawkes asked.

The report, which can be downloaded in PDF from http://www.dataprotection.ie/docs/Home/4.htm, also contains a list of top 10 threats to privacy. These include the publication of personal data on social networking sites, the “increasing and unthinking use” of biometrics in workplaces and schools, or the lack of need-to-know procedures governing access to personal information by private and state sector organisations.

Hawkes told siliconrepublic.com he wanted to make people aware of technology’s potential. “There is a downside in terms of the capacity of technology to amass information about us, often without our knowing it; to connect up bits of information so that a very comprehensive picture of us can be created and we don’t necessarily know about this.

“In that way, we are losing control of our own personal information, which is a bottom-line issue in data protection,” he said.

Earlier in the day, the blogger Damien Mulley revealed he had been able to access the report online ahead of its official launch. Hawkes said he was not embarrassed by the disclosure, pointing out no confidential data was leaked. “Once the document is loaded [on the DPC website], it’s relatively easy to access it. Information on the website is obviously information we intend to make public,” he said.

The DPC also confirmed it was making progress in its investigation into the recent laptop thefts at Bank of Ireland. “We would hope to have it wrapped up in the coming weeks – two to three weeks maximum,” said Deputy Commissioner, Gary Davis.

Meanwhile, the Irish Computer Society welcomed the publication of the report. “We are concerned, though not surprised, at the significant increase in complaint investigations opened by the Data Protection Commissioner’s office last year,” said chief executive, Jim Friars. “

“While organisations and individuals are becoming increasingly aware of their rights and responsibilities in this area, it is early days and we can expect many more significant and public breaches of the data protection legislation,” Friars added.

By Gordon Smith