The report of the Office of the Data Protection Commissioner 2011, published yesterday, identifies a shift in the nature and type of complaints received by the office with individuals now concerned about the security of their personal data and the uses made of that data by software and technology applications.
Data Protection Commissioner Billy Hawkes speaking at the PAI Conference ‘Cloud Computing in Ireland Unleashing the Potential’ held on June 30 2011.
Given the changing data protection landscape, the report also stresses the need for a re-alignment of resources to meet the needs that will be imposed through the legislative proposals presented by the European Commission. These proposals, according to the Data Protection Commissioner, Billy Hawkes will “involves increased responsibilities for our office under the so-called “one-stop-shop” arrangement for multinational companies providing services to EU users from an Irish base”. The Office currently has a budget of €1.5m, the majority of which (35 percent) goes towards investigations and enforcement. The office currently has a staff of 22.
Report findings: Complaints
In 2011, 1,161 complaints were opened for investigation compared to 783 complaints in 2010. 253 of these complaints (22 percent) relate primarily to unsolicited direct marketing text messages, phone calls, fax messages and emails. This is up from the 231 complaints made in this category in 2010. With regard to unsolicited direct marketing text messages, the report found that businesses, including Irish businesses, were unaware of the law surrounding this method of communications. In 2011, there were 54 prosecutions against 6 bodies and those entities that persist in infringing the law, according to the report, will be prosecuted.
Additional complaints include complaints on access rights (48 percent), disclosure (10 percent), unfair processing of data (6 percent), unfair obtaining of data (4 percent), use of CCTV footage (3 percent), failure to secure data (2 percent), accuracy (1 percent), excessive data request (1 percent), unfair retention of data (1 percent), postal direct marketing (1 percent) and other complaints (1 percent).
Data breach notifications
In total, 1167 data security breach notifications were received by the Data Protection Office, an increase of 300 percent on the 2010 figure of 410.
Commissioner Hawkes states in the report that this increased figure is due to “increased awareness of the need to notify my office of a data security breaches”, as opposed to an increase of the number of actual breaches.
Of the 1196 breach notifications, 146 stemmed from private sector organisations and 40 from public sector organisations. 870 breach complaints were in relation to postal mailing breaches and 91 breach notifications were made regarding electronic mailing breaches.
Public Affairs Ireland are pleased to announce that Data Protection Commissioner Billy Hawkes will address the PAI Conference ‘A New Era for Data Protection in Ireland’ during which he will discuss the above mentioned EU reforms on data protection and the impact for organisations and individuals in Ireland. The Conference will also consider: Data protection and the delivery of public services and the issues arising on data sharing across public sector agencies; Ireland as a global centre for Internet Search Engines, data storage facilities and social media companies and how national regulation of data protection in Ireland has global impacts; and dealing with the consequences of a breach in data security – managing the reputational and legal risks involved.
For more information, click here.