Watchdog fears €24m postcode plan may breach privacy laws
Government plans to introduce a postcode system next year have hit a major stumbling block after the Data Protection Commissioner voiced concerns about potential damage to people's privacy.
The commissioner, Billy Hawkes, made a series of hard-hitting comments about the postcode plan, Eircode, which will cost €24m to implement over the next 10 years.
Under the plan, some 2.2 million addresses will each be assigned a seven-digit code to make deliveries and tax collection more efficient.
However, Mr Hawkes expressed a number of concerns about the operation of the post codes and warned there could be unintended consequences flowing from them.
"No privacy impact assessment has been carried out and I continue to be deeply concerned about the implications of this and the fact that they have not in fact been properly examined," he said.
Mr Hawkes said he feared that in the era of "big data" and "datasets" the new postcodes could be used as a tool to gather sensitive data, which could be used for "any purpose, ranging from state services to commercial exploitation".
He said he was concerned "such datasets, which would be verified by this post- code, could have the potential for the ready identification of sensitive information about individuals, examples of which would be to identify specific localities that have patterns of crime or illness."
Mr Hawkes made the remarks in his annual report for 2013, which was published yesterday.
His public intervention comes at a crucial time in the project, with Communications Minister Pat Rabbitte hoping to have the system in place next spring.
However, his department is now facing calls from Mr Hawkes to allay privacy concerns.
A spokeswoman for Mr Rabbitte said the minister had stated that necessary protections would operate around the use of postcodes to ensure that data protection legislation was complied with.
"We do not envisage that this issue will delay the introduction of postcodes," she said.
The annual report said Mr Hawkes' office had received 910 complaints last year, over half of which related to difficulties people had accessing information about themselves held by both public and private bodies.
The report also details several cases investigated by Mr Hawkes' office, including one where a GP inadvertently sent a woman's medical records to an insurance company and another where a doctor sent a patient file to the wrong email address.
It also contains a section on the controversy involving Loyaltybuild, the company at the centre of Ireland's biggest data- hacking breach.
The firm, which markets discounted travel breaks, suspended trading late last year after 90,000 customers had their credit card details stolen. It has since resumed its operations.
An inspection team found serious issues regarding the security of data on Loyaltybuild's system and a lack of procedures to ensure this data was protected and properly managed.
Responding to the findings, the company told the Irish Independent it had spent €500,000 updating its security systems and infrastructure "to the highest industry standards" and was now operating with the full approval of the Data Protection Commissioner.