Civil servant who sold personal details of hundreds of people to private investigators jailed
A civil servant who sold on the personal details of hundreds of people has been sentenced to one year in prison.
Rory Lenihan received almost €22,000 over a three year period from private investigators while he was based at the Department of Social Protection in Letterkenny, Co Donegal.
Lenihan, aged 50 and originally from Dublin, had pleaded guilty to twelve sample charges of receiving payments for information.
Details of how Lenihan, a clerical officer in the treatments benefits sections, stayed behind during his lunch break to access details and to make phonecalls were given earlier this week at Letterkenny Circuit Court.
Judge John Aylmer adjourned sentence until today to consider the sentence.
Addressing the court, the Judge said he considered Lenihan's actions to be in the mid range for such offences.
He said there was a significant breach of trust and privacy of all citizens information held by the Department of Social, Community and Family Affairs where Lenihan had worked.
He said this resulted in an undermining of public confidence and that Lenihan's sole motivation was personal gain.
He said he had no option but to impose a custodial sentence because of the gravity of the offences and the fact that they took place over a prolonged period of time.
He added that there were a number of mitigating factors in the case including the fact that Lenihan had no previous convictions, the case had cost him his marriage, he had shown genuine remorse and the Probation Services had said there was a low risk of Lenihan reoffending.
He had also lost his job, was now on social welfare and that there would be adverse publicity from the media's coverage of the case.
He sentenced Lenihan to two years on each of the 12 sample charges but suspended the final 12 months of each sentence and ordered all charges to run concurrently.
Dressed in navy trousers and a navy top, Lenihan, who was accompanied to court by family and friends, closed his eyes as the sentence was delivered.
The father of five, pleaded guilty to 12 sample charges of stealing information from social welfare recipients and selling them to two private investigators.
The court was told that this information including the location of those involved as well as their loans, etc were then passed on to various banks and solicitor's offices.
Senior counsel Alex Owens, representing the Director of Public Prosecutions, said that in total Lenihan was accused of 41 charges amounting to a total theft of €21,898.
In September 2010, Lenihan's supervisor Paul Bradley became suspicious of his behaviour when he stayed at his desk and used the phone during his lunch-break.
The computer system, known as Infosys, required a username and a special password for employees to log into.
Mr Bradley informed his supervisor Des Kernan and an internal investigation was launched which included the checking of files which Lenihan was checking on as well as cross-referencing phone numbers which he was calling.
Mr Bradley and Kernan approached Lenihan and he admitted that he was passing on information and receiving some payments in return.
The extraction of material had lasted from January 2008 until October, 2010.
In total Lenihan, whose address was given as Ballaghderg, Letterkenny, was paid €23 for information on each person, money which would be paid by credit in lump sums to his Ulster Bank account in Donegal Town.
He was paid the money by two private investigators, a John Buckley, based on the Navan Road and a Brian Foy, which a business address in Leixlip.
Detective Garda Peter Cullen said the investigation was a complex one which he had been working on for between three and four years.
He said he was aware that from examining Lenihan's bank records form the time that he faced various financial difficulties.
The accused man's sister Maria gave evidence in the case regarding her brother's upbringing.
He said the family had owned a shop in Dublin and that they were a very law-abiding family who had never been in trouble.
She told how her family were standing beside their brother as he was a good man, who excelled at sport, was a good father and a good person who had made a mistake.
The court was told that Mr Lenihan had no previous convictions.
Defence barrister Peter Nolan said this was a criminal act carried out by someone who wasn't a criminal.
He added that his client was the only one before the court despite the fact that two others were directly involved and the information had been passed on to various financial institutions.
"It seems to me that Mr Lenihan is the one carrying the can for the actions of two other people who were at least aiders and abetters. He would not have given the information if he was not called and financial inducement offered.
"These two other gentlemen, for some reason best known to the DPP, were not. I hope they're not ringng some other poor unfortunate civil servant looking for information.
"His friends, family and parents are devastated. He's the man who stole and got sacked from his department and cannot be trusted. He is a pariah to a large extent.
"Sometimes the doing of the crime far outweighs any punishment that can be given and he will be punished until the day he dies. I ask you to consider that and the impact the publicity will also have.
"I will ask you to view him not as a criminal but as a man who has committed a stupid criminal act for what - for €21,000? These were the actions of a desperate man in financial straits. I don't see what it would be achieved in sending him to jail," said Mr Nolan.
Following his sentence, Lenihan chatted briefly with family and friends before being led away by prison officers.
The Data Protection Commission welcomed the outcome of prosecution proceedings.
Welcoming today’s court outcome, Assistant Commissioner Tony Delaney said today’s sentencing hearing brings to an end lengthy court proceedings which followed separate investigations by An Garda Síochána and the Data Protection Commissioner (DPC) which began in December 2010.
"The DPC conducted a detailed investigation in 2010 - 2011 of three companies in the insurance sector. That investigation culminated in the successful prosecution under the Data Protection Acts of those companies, Zurich Insurance Plc, FBD Insurance Plc and Travelers Insurance Company Limited at the Dublin Metropolitan District Court in February 2012.
"The investigation followed the receipt of a formal breach report from the Department of Employment Affairs and Social Protection of suspected leaking to third parties by one of its officials of personal data held on the Department’s computer systems. Our investigation found evidence on claims files in the insurance companies concerned of social welfare information concerning a number of insurance claimants.
We established that the social welfare information had been supplied to the insurance companies by a firm of private investigators, having been disclosed to them by the defendant in today’s proceedings, Mr. Rory Lenihan."
He added that the "form and scale of the offending behaviour which came to light in the investigation of this case was shocking."
"This case stands out as one of the most serious data breaches ever uncovered in this State. That a civil servant, who had ready access for the performance of his official duties to the social welfare records of every customer of the Department, abused his position and trawled through those records and passed on personal information from them to private investigators in exchange for corrupt payments is scandalous and appalling.
"In the intervening years since this case first came to light in late 2010, the DPC has devoted significant resources to the detection of leakage of personal data from State databases to private investigators. Our work in that area, which is ongoing, has yielded positive results with the detection and subsequent prosecution of five private investigation entities since 2014 on charges of having obtained personal data from State databases without authority and passing it on to third parties in the insurance or financial sectors.
"Today’s Court outcome should serve as a very clear warning to employees in all sectors against snooping through, or disclosing to, unauthorised third parties personal data that may be at their disposal in their workplace for the performance of their duties.
"Employees are given access to records of personal data for work-related purposes. Any deviation by employees from those official purposes, such as accessing records to obtain information on behalf of family, friends or others, constitutes a breach of data protection legislation which could result in serious consequences for the employees concerned.”