Gardai checked private files on model more than 80 times
Published 22/03/2014 | 02:30
CONFIDENTIAL information on six "high-profile" personalities on the Garda Pulse computer system was accessed "inappropriately" by members of the force.
The multiple access to their details was uncovered by auditors from the Data Protection Office.
The findings, in a report published yesterday, were described by Data Protection Commissioner Billy Hawkes and his team as "particularly disturbing" since none of the six had any known "major dealings" with gardai.
Details on one person, who worked in the modelling industry, were accessed more than 80 times while another personality's data was accessed 50 times.
The data protection team identified the inappropriate access, which they said was on a surprising scale, during an extensive sample review of logs on Pulse in relation to well-known public figures and celebrities.
The team also checked the Pulse records on three media personalities, including some RTE staff, and a well-known inter-county GAA player.
It found that in all of the six cases, the number of Pulse accesses returned appeared to bear no relation to the valid entries relating to them in connection with official garda business. And in several cases, the same gardai had been involved in the access.
None of the six had been categorised as an offender or suspect offender by gardai.
Some of them had been listed on the Pulse system because they reported a crime and, in one case, a person had reported stolen property.
It pointed out that people could be named on Pulse because they were the injured party, or a witness to an incident, or had reported a crime or incident.
It said the Data Protection Office fully recognised that the nature of policing work effectively required members of the force to check personal information on a regular basis.
But it was imperative that inappropriate access be identified and dealt with to ensure that persons with access to Pulse respected the obligation that came with it.
The report pointed out that the Garda authorities were already aware of the problem in advance of the audit and the Garda Commissioner had issued a directive stating that the reason for inquiries into Pulse details should be recorded, without exception.
The team said it welcomed this necessary development and expected An Garda Siochana to enforce the directive and take strong and appropriate disciplinary action against anybody abusing access to Pulse and prosecutions against anybody found using such access for gain.
In response yesterday, Garda Commissioner Martin Callinan said he shared the concerns about any improper access to Pulse and the risk of disclosing highly sensitive personal data outside the organisation.
In that context, Mr Callinan added, a number of Garda members had been subject to discipline for inappropriate access to Pulse within the period of the audit process, from 2011 to October 2013.
He said he welcomed the main finding that "the majority of the areas examined demonstrated a professional police force operating in compliance with data protection legislation".
In particular, the team had found no major concerns with the garda vetting system, use of CCTV, subscriber data held by telcoms companies, the automatic number plate recognition system and the charging and offender process.
The report pointed out the number of penalty points on a licence could not be viewed by gardai. They were only notified when a driver had been disqualified from driving based on accumulating 12 penalty points.
In an interview yesterday, Data Protection Commissioner Billy Hawkes revealed that another investigation was still under way in the access of Pulse for information, which was given to private investigators.
He said they already knew about a handful of cases where information had been accessed for private investigators during the sample review and this was currently being examined in greater depth by his team.