Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Breach of Data Protection Act

  • 23-11-2017 8:37pm
    #1
    Registered Users, Registered Users 2 Posts: 174 ✭✭


    Hi,

    Sorry if this is in the wrong thread but I was wondering could anybody advise me on this?

    A few days ago I received a letter from a national organisation that I was working for last year, stating that they had released my P45 through email to another employee. It took the organisation 4 days to identify the error and to notify the recipient and a further 3 days to notify me.

    What should I do with this as I feel this is quite important?

    Thanks in advance


Comments

  • Registered Users, Registered Users 2 Posts: 33,518 ✭✭✭✭dudara


    The main onus on them is to act appropriately and in a timely manner WHEN they identify that a breach has taken place. From what you describe above, it seems like they've been fairly on the ball. If it was just an isolated incident, they may not be required to report it to the Data Protection Commissioner.

    If you're unsure, contact the DPC and ask for their advice.


  • Registered Users, Registered Users 2 Posts: 798 ✭✭✭Bicycle


    You were actually one of 1,000 former enumerators whose P45s were sent by the CSO to one former enumerator.

    The P45s were on a PDF file and the full file was sent in error.

    You should ring the CSO in Cork on one of the numbers given, and express your concern. I am amazed the press haven't got hold of this story yet.


  • Registered Users, Registered Users 2 Posts: 2,124 ✭✭✭chasm


    Bicycle wrote: »
    You were actually one of 1,000 former enumerators whose P45s were sent by the CSO to one former enumerator.

    The P45s were on a PDF file and the full file was sent in error.

    You should ring the CSO in Cork on one of the numbers given, and express your concern. I am amazed the press haven't got hold of this story yet.

    It seems they have now!
    https://www.independent.ie/irish-news/cso-admits-major-data-breach-as-thousands-of-peoples-details-leaked-out-36351216.html


  • Registered Users, Registered Users 2 Posts: 798 ✭✭✭Bicycle


    chasm wrote: »

    Indeed. However it now appears that FOUR people received the data belonging to 3,000 people. Whereas I was told yesterday it was one person receiving the data of 1,000 people.

    One sincerely hopes that the information was deleted and will not be used for nefarious purposes. However, reading the FB comments on some of the news articles, it would appear - sadly - that people are now losing confidence in the anonymity of the census.

    As someone who has gleaned huge amounts of information on my ancestors from the 1901 and 1911 census data, I feel it deprives future generations of valuable information, if people don't complete their forms accurately.


  • Closed Accounts Posts: 7,728 ✭✭✭Former Former


    Bicycle wrote: »

    One sincerely hopes that the information was deleted and will not be used for nefarious purposes. However, reading the FB comments on some of the news articles, it would appear - sadly - that people are now losing confidence in the anonymity of the census.

    What?? How are the two things in any way linked?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 33,518 ✭✭✭✭dudara


    From reading the article, it seems like a classic example of human error and poor processes, which then resulted in a data breach. Incidents like this have been happening for years, but now we’re more aware and legislation like GDPR is dictating how incidents need to be managed and reported.

    It’s important to note that this HR/payroll data is entirely separate to the census data itself, which I’m willing to bet is handled in a far more secure manner.


  • Registered Users, Registered Users 2 Posts: 84,708 ✭✭✭✭Atlantic Dawn
    M


    I love the "shure it's grand they deleted it" attitude, pure joke.


  • Registered Users, Registered Users 2 Posts: 33,518 ✭✭✭✭dudara


    The immediate fix is to ensure that the breach is contained - deleting the emails in this case.

    The next step is to improve the processes and increase awareness so that it doesn’t happen again. With the DPC involved, the CSO will be under a microscope.


  • Registered Users, Registered Users 2 Posts: 30,261 ✭✭✭✭AndrewJRenko


    I love the "shure it's grand they deleted it" attitude, pure joke.
    What else can they do?


Advertisement