Audit finds celebrity data breaches
A celebrity was looked up more than 80 times on the internal garda database, it has emerged.
The Data Protection Commissioner revealed a second high-profile personality had their file accessed 50 times on the Pulse system, with the details of another three personalities and a GAA star also checked for non-official police business.
Billy Hawkes said the celebrities - who were recorded as witnesses or victims of crimes on the logs - were not told about the data breaches as the records were reviewed "out of curiosity" and no damage was caused.
The checks were discovered during an ad-hoc, on the spot inspection of Pulse, which began last year before a new directive was issued by Garda Commissioner Martin Callinan in December. "It was at the minor end but obviously it should not happen," Mr Hawkes added.
The Data Protection Commissioner said a record 1,349 complaints were lodged with his office last year, with almost half taken under privacy in electronics regulations. Some 200 cases were taken to court against 11 firms and audits were carried out in 40 organisations, including the Department of Social Protection's database.
"The audit highlights significant failings in public bodies with unauthorised access to sensitive data taken place on a worrying scale," Mr Hawkes said. "The same issue is arising in our audit of An Garda Siochana pulse system. People have a right to be assured that their personal data is treated with respect by public bodies, especially as we generally do not have a choice about handing over our data to such bodies."
A litany of failings were uncovered during the audit of the department's Infosys database, a system used by a range of external third party government agencies and bodies which holds 7.7 million client records, including:
A civil servant in the department allegedly accessed social welfare records for private investigators for a number of insurance companies. The three firms were prosecuted while the criminal garda probe continues.
HSE employees searched social welfare records of their own spouses, sons, daughters and in one case their son's girlfriend, and one worker with the CSO obtained addresses to send mass cards following a family bereavement.
"The most striking outcome if the investigation was the number of incidents of inappropriate access identified during the course of the investigation," the report added. "Explanations eventually obtained by the investigations team for inappropriate views by users of Infosys ranged from the bizarre to the banal, from the posting of Christmas cards and mass cards to the reason of nothing but pure curiosity."