Data Protection Breach - Government Dept

NGUYEN01 · 10-05-2015 6:07pm #1

Hi all

I recently complained about a data breach by a Government Dept to the department itself and also to the Irish Data Commissioner.

I have received a response after 6 months from the Government dept and they have admitted that there was a breach and they have put control in place to ensure that it doesn't happen again. However, they have not told me the person name you gave my information to the 3rd party or what sanctions were imposed and quite honestly I do not believe them when they say it will never happen again.

I have yet to receive a response from the Data Commissioner ....

Do anyone know if I can take a legal case against them for this data breach ? I also don't know how many 3rd parties receive the information I only know of one as they contacted me.

Thanks in advance

Fred Swanson · 10-05-2015 6:32pm

This post has been deleted.

Manach · 10-05-2015 6:46pm

Offhand, my understanding is there an obligation on the Govern Dept. to ensure that take reasonable care of personal data. Be they processors of the data or consumers. However, and this also applies to Private Sector & other states, from various books/studies the care of people's data can vary quite a lot with some of even the most basic guidelines (access control, auditing, a measure of encryption) not done. In this case I'd not know offhand the legislation's remedies, but at a guess there would need to a demonstration of harm caused to the OP?

Pro Hoc Vice · 10-05-2015 7:56pm

NGUYEN01 wrote: »

Hi all

I recently complained about a data breach by a Government Dept to the department itself and also to the Irish Data Commissioner.

I have received a response after 6 months from the Government dept and they have admitted that there was a breach and they have put control in place to ensure that it doesn't happen again. However, they have not told me the person name you gave my information to the 3rd party or what sanctions were imposed and quite honestly I do not believe them when they say it will never happen again.

I have yet to receive a response from the Data Commissioner ....

Do anyone know if I can take a legal case against them for this data breach ? I also don't know how many 3rd parties receive the information I only know of one as they contacted me.

Thanks in advance

So you want the Gov Dept to breach their employees data protection rights by giving you that person private data including name and any sanctions imposed in relation to this event.

Victor · 11-05-2015 1:54am

Pro Hoc Vice wrote: »

So you want the Gov Dept to breach their employees data protection rights by giving you that person private data including name and any sanctions imposed in relation to this event.

There is the opinion that one's name is public information. The sanction detail need not be given, but that a sanction was imposed might be legitimate.

sdanseo · 11-05-2015 2:00am

I wouldn't have thought there was any obligation to say who, specifically, caused what to happen internally. The person would have been acting as an agent of or on behalf of the Department, and therefore legally speaking, the Department made the error.

Victor · 11-05-2015 2:24am

sdanseo wrote: »

I wouldn't have thought there was any obligation to say who, specifically, caused what to happen internally. The person would have been acting as an agent of or on behalf of the Department, and therefore legally speaking, the Department made the error.

Legally, the department doesn't exist and is merely an extension of the Minister.

Data Protection Breach - Government Dept

Comments