‘One of the most serious data breaches ever’ – Data Protection Commission

first_imgThe Data Protection Commission has described the sale of information by a Donegal-based civil servant as “one of the most serious data breaches everuncovered in this State.”It follows the jailing of Letterkenny-based civil servant Rory Lenihan today.Mr Lenihan was jailed for 12 months after pleading guilty to 12 sample charges of selling information relating to the personal details held at the Department of Social Protection. Welcoming today’s court outcome, Assistant Commissioner Tony Delaneysaid today’s sentencing hearing brings to an end lengthy courtproceedings which followed separate investigations by An GardaSíochána and the Data Protection Commissioner (DPC) which began inDecember 2010.He revealed “The DPC conducted a detailed investigation in 2010 – 2011 of threecompanies in the insurance sector. That investigation culminated inthe successful prosecution under the Data Protection Acts of thosecompanies, Zurich Insurance Plc, FBD Insurance Plc and TravelersInsurance Company Limited at the Dublin Metropolitan District Court inFebruary 2012.“The investigation followed the receipt of a formal breach report fromthe Department of Employment Affairs and Social Protection ofsuspected leaking to third parties by one of its officials of personaldata held on the Department’s computer systems. Our investigationfound evidence on claims files in the insurance companies concerned ofsocial welfare information concerning a number of insurance claimants.“We established that the social welfare information had been suppliedto the insurance companies by a firm of private investigators, havingbeen disclosed to them by the defendant in today’s proceedings, Mr.Rory Lenihan.” He added that the “form and scale of the offending behaviour whichcame to light in the investigation of this case was shocking.”“This case stands out as one of the most serious data breaches everuncovered in this State. That a civil servant, who had ready accessfor the performance of his official duties to the social welfarerecords of every customer of the Department, abused his position andtrawled through those records and passed on personal information fromthem to private investigators in exchange for corrupt payments isscandalous and appalling.“In the intervening years since this case first came to light in late2010, the DPC has devoted significant resources to the detection ofleakage of personal data from State databases to privateinvestigators. Our work in that area, which is ongoing, has yieldedpositive results with the detection and subsequent prosecution of fiveprivate investigation entities since 2014 on charges of havingobtained personal data from State databases without authority andpassing it on to third parties in the insurance or financial sectors.”He said today’s Court outcome should serve as a very clear warning toemployees in all sectors against snooping through, or disclosing to,unauthorised third parties personal data that may be at their disposalin their workplace for the performance of their duties.“Employees are given access to records of personal data forwork-related purposes. Any deviation by employees from those officialpurposes, such as accessing records to obtain information on behalf offamily, friends or others, constitutes a breach of data protectionlegislation which could result in serious consequences for theemployees concerned.” ‘One of the most serious data breaches ever’ – Data Protection Commission was last modified: January 27th, 2018 by StephenShare this:Click to share on Facebook (Opens in new window)Click to share on Twitter (Opens in new window)Click to share on LinkedIn (Opens in new window)Click to share on Reddit (Opens in new window)Click to share on Pocket (Opens in new window)Click to share on Telegram (Opens in new window)Click to share on WhatsApp (Opens in new window)Click to share on Skype (Opens in new window)Click to print (Opens in new window)Tags:courtData ProtectionRory LenihanTony Delaneylast_img read more