Business Technology

Tuesday 25 July 2017

Government staff snooped on their neighbours' data

Editor in Chief of INM Stephen Rae; Data Protection Commissioner Helen Dixon; Minister for Communications Denis Naughten; and Irish Independent Technology Editor Adrian Weckler at the Datasec conference. Photo: Gerry Mooney
Editor in Chief of INM Stephen Rae; Data Protection Commissioner Helen Dixon; Minister for Communications Denis Naughten; and Irish Independent Technology Editor Adrian Weckler at the Datasec conference. Photo: Gerry Mooney

Ryan Nugent

The Data Protection Commissioner (DPC) has revealed that staff at some government departments in the recent past were using information at their disposal to spy on their neighbour's data.

DPC Helen Dixon said that similar data has been breached in the past by a number of private firms with large customer databases.

Speaking at INM's Datasec conference, Ms Dixon said the EU's General Data Protection Regulations (GDPR) - set to be introduced in May 2018 - will deliver more accountability and enforcement of breaches.

"Think about how common it was for staff in some government departments to look up details of their neighbours out of curiosity based on databases to which they'd access," Ms Dixon said.

"Or to look up, for example, national lottery winners and look to see what their address was or (what) their social welfare profile was, and it happened with private sector companies too, like insurance companies with large databases," she said.

Fred Logue, of FP Logue Solicitors, told the conference he fears Brexit will have a major impact on the transferral of data within companies based in both Ireland and the UK.

However, CEO of Eurocomply Emerald de Leeuw has played down the effects Brexit will have on the GDPR.

"I just don't get why it's always a discussion, the whole GDPR-Brexit thing," she said.

"The whole point of GDPR is that you can't circumvent GDPR legislation, so if the UK leaves the EU it will be treated like the US, but GDPR will still apply to you, regardless.

"It will just become more difficult because you don't fall under the nice umbrella that is the EU and the more lenient laws that we have within the EU," she added.

Meanwhile, Communications Minister Denis Naughten - also speaking at the conference - has admitted he's had his personal information stolen.

Mr Naughten is understood to have had his personal data leaked when a laptop was stolen containing the information of hundreds of thousands of Irish blood donors and patients, including his details.

The data was held by the Blood Transfusion Service Board after he donated blood in 2008.

The laptop - containing the information of 171,000 Irish donors - was stolen from a worker who was mugged at a New York blood bank which had been contracted to upgrade its software.

Speaking about new data protection laws at the conference, Mr Naughten said the issue was important to him given his experience. He said that Ireland faces "significant changes and challenges" when the new EU regulations are introduced on May 25, 2018.

The new regulations were described as "game changing" by Ms Dixon at yesterday's event.

Mr Naughten insisted that the public sector will be particularly focused on the changes, given its experiences in handling the personal data of individuals.

Irish people are taking extra care with their data online, according to the DPC.

However, ransomware is causing a major issue in relation to data, information and systems at businesses, according to a leading cyber security scientist.

Joseph Carson, of Thycotic, said he knows of up to 100 cases that have come to him regarding issues of information hacking on all types of businesses, where a ransom was requested for the information to be restored.

Around 30pc of companies agree to pay the ransom, which ranged in fees from a couple of thousand euro to tens of thousands.

Irish Independent

Promoted articles

Also in Business