Agents now suspected of targeting other state bodies
A SERIES of state bodies that have access to confidential data belonging to members of the public may have been infiltrated by private investigators, the Irish Independent understands.
The Office of the Data Protection Commissioner (DPC) is leading a "series of investigations" into the scale of the operations of these tracing agents across the country.
It's now believed that state agencies other than the Department of Social Protection have been targeted by companies which use suspect tactics.
Assistant Data Protection Commissioner Tony Delaney and a number of his officials have begun building profiles of the agents in question.
The suspicion that other agencies may have been targeted is forming the basis of one the DPC's most significant investigations in years.
It is understood that a routine audit of a small number of credit unions last year sparked the probe detailed in today's Irish Independent.
After an inspection of the books and records of credit unions, it became clear that customer records had been obtained illegally from the Department of Social Protection.
Sources say the department in question was targeted due to the reams of confidential data in its possession.
The information that was supplied to the agents working on behalf of credit unions was retrieved from a wide-ranging database known as INFOSYS.
The system, similar to the Garda PULSE system, contains details relating to tens of thousands of social welfare customers including addresses, PPS numbers and medical card details, and whether someone is living on their own or with another person.
In a statement, the department said it treats its data protection responsibilities with the utmost seriousness.
"The department has extremely rigorous data protection and information security policies, standards, procedures and guidelines in place, and every effort is made to ensure that personal customer data is used solely for business purposes and that it is not compromised in any way," a spokesperson said.
"The policies, procedures and guidelines are kept under constant review and are updated as appropriate.
"Staff members are regularly reminded of their obligations under these policies and of the penalties that are applicable in respect of any breach of them.
"Staff members are required, on an annual basis, to sign undertakings that they have read and will act in accordance with data protection guidelines and policies," the department added.