Thursday 14 December 2017

Snooping civil servants who gave out personal data keep their jobs

Edel Kennedy

CIVIL servants snooped on personal data and recklessly passed it on to unknown callers -- but they kept their jobs after pleading ignorance.

The Irish Independent has learnt that almost 100 employees in the Department of Social Protection accessed and passed on highly sensitive information, or snooped on their friends, colleagues and well-known personalities.

But despite thousands of records being improperly accessed over the past seven years, not one member of staff has been sacked for their conduct. This is despite them breaching both the Data Protection Act and the department's own internal rules.

Figures show that 87 staff members had been "sanctioned" in that period for improperly accessing sensitive data. The punishments included official warnings, loss of increments or being banned from applying for a promotion.

Three staff members were suspended pending investigations while three resigned from their positions during an investigation into their conduct. However the department could not clarify last night if the three who were suspended were the same three who resigned.

A number of department staff have admitted passing information over the phone to unauthorised officials -- but all denied any wrongdoing or that they benefited in any way from their actions.

The details come after it emerged earlier this week that gardai are investigating allegations that a rogue department official leaked confidential information to a private investigator working for insurance companies.

Details emerged after three insurance companies -- FBD Insurance, Zurich Insurance and Travelers Insurance Company -- pleaded guilty to two charges of wrongfully keeping data supplied to them by a private detective.

Some of the other breaches uncovered by the Irish Independent include:

• The address of an individual with "personal safety" issues was given out by a staff member to a caller. The female employee admitted she may have given an individual's address to a "bogus caller purporting to be from the Department of Health and Social Security (DHSS) in the UK".

She also admitted it was "possible" she passed records on three other individuals to the bogus caller who claimed to be from the fraud section of the DHSS.

• A female employee admitted she was regularly contacted by an individual -- whose identity or work title is not revealed -- and would be given 'relevant details' to carry out a client search.

She would then supply the individual with a PPS number.

• A male employee who admitted he sometimes spent over two hours a day checking records out of curiosity -- he later claimed it was because he "had not enough work to do".

There has been a history of data breaches by staff within the department. In 2007 the Irish Independent revealed an employee was arrested after he was found to have passed personal information on three individuals to his criminal brother.

The criminal then burgled one man and attempted to extort money from all three. The case was passed to the gardai but the outcome remains unknown.

The new records obtained under the Freedom of Information Act show that despite the Data Commissioner launching an investigation, breaches are ongoing.

The department was unable to say last night if those whose information was improperly accessed were told about it. However it is understood that those whose records were 'snooped' on were not told.

The department reported one suspected breach of the Data Protection Act to the gardai and is liaising with the gardai on a second case.

Irish Independent

Promoted Links

Today's news headlines, directly to your inbox every morning.

Promoted Links

Editor's Choice

Also in Irish News