Friday 20 April 2018

Meteor and eMobile spared convictions for breaking data protection laws

Tom Tuite

METEOR and eMobile have been spared criminal convictions for breaking data protection laws following the theft of two laptops which contained sensitive personal information about thousands of customers.

The phone companies had been prosecuted following an investigation by the office of the Data Protection Commissioner after the loss of two laptops, which contained personal information on more than 10,000 customers.



The computers were stolen on a date between December, 28, 2011 and January 2, 2012, from Eircom's premises at Parkwest in Dublin.



The theft was not discovered until January 3 and was reported to gardai but the data protection watchdog was not informed for about a month.



The information on the laptops included passport and driving licence details, financial statements and bank card details.



Meteor and eMobile, which is owned by Eircom, had pleaded guilty at Dublin District Court on September 10 last to three charges under the Data Protection Act. The court had ordered both companies to donate €15,000 to two charities.



Today, the case resumed and Judge John O'Neill was furnished with receipts showing the phone companies had made the donations to children's charity the Laura Lynn Foundation and the Pieta House suicide awareness centre.



The judge then struck out the case.



In the hearing last month, Assistant Data Protection Commissioner Tony Delaney gave evidence and the court heard that both companies accepted that there had been a delay in telling the Data Protection Commissioner as well as the customers involved and that the data on the laptops had not been properly encrypted.



The court heard it took about 30 days before it was reported to Data Protection Commissioner.



It took from six weeks to two months before customers learned about what happened to laptops containing personal and financial information about them.



Some 3,944 Meteor customers and 6,295 Emobile customers were affected by the data breach.



Judge O'Neill had said both mobile phone operators had not followed regulations and should have notified the commissioner earlier but he noted they had pleaded guilty and neither company had prior convictions from breaching data protection laws.





Business Newsletter

Read the leading stories from the world of Business.

Also in Business