The Irish Data Protection Commissioner's annual report, released this week, details a surge in reported data breaches during 2014 as companies and institutions declared more and more errant use of data. Examples include financial statements mailed out to wrong addresses or sensitive information being passed on to brokers or other third parties who are not legally entitled to it.
The report detailed nine prosecutions taken for data protection offenses and referred to 38 audits, including those of Linkedin and An Garda Síochána.
The office of data protection also received 32 complaints referring to delisting requests for Google search results under the new European 'right to be forgotten' law. In total, the office received 960 complaints related to data privacy issues last year, according to the report.
Data Commissioner Helen Dixon said that the Irish data protection office has seen a doubling of its budget from €1.8m to €3.65m and that the office will increase its headcount this year from 29 to 50.
The report also reveals how her office rapped the knuckles of the HSE and a credit union for giving out financial info about employees and members.
A HSE employee's salary details were wrongly given out by the health body to an accountancy firm representing the employee's ex-wife. The HSE admitted that it was harangued into providing the details without the employee's consent and should not have done so.
The report also documents how a credit union disclosed a member's loan and savings information to the member's daughter due to a sloppy staff mistake.
And it criticised the growing practice among letting agencies of demanding bank details, utility bills and PPS numbers before prospective tenants could view properties to rent.