NAMA will not obey Data Protection Commissioner instructions

iomusicdublin

Doe's this mean Nama or other vulture funds will now not bother to legally provide personal information that it holds on its customer's.


NAMA will not appeal decision it broke law over data

https://www.businesspost.ie/news/nama-will-not-appeal-decision-broke-law-data-414140

A data-protection ruling involving State assets agency Nama could force vulture funds to tell homeowners how much they paid to buy their mortgages, one expert says.

Data Protection Commissioner Helen Dixon ruled this week that the agency had to provide builders Michael and John O’Flynn with personal information that it holds on the pair.

Peregrinus

It means the opposite of what you think. NAMA will not appeal the decision - i.e. they will not seek to have it overturned by a court. That implies that they will accept it as a correct statement of law, and will observe it.

listermint

They would get crumbled by EU legislation if they didnt so there was nothing to fight for

iomusicdublin

Peregrinus wrote: »

It means the opposite of what you think. NAMA will not appeal the decision - i.e. they will not seek to have it overturned by a court. That implies that they will accept it as a correct statement of law, and will observe it.

yes I understand that

the question was

doe's it not have to bother to legally provide personal information that it holds on its customer's.

Mrs OBumble

Peregrinus wrote: »

It means the opposite of what you think. NAMA will not appeal the decision - i.e. they will not seek to have it overturned by a court. That implies that they will accept it as a correct statement of law, and will observe it.

What makes you think they will observe it?

An organisation i am involved in has decided to breach GDPR - because our leaders believe that child safety is more important than individual privacy, and that child safety requires transparency. In the event we get pinged on it, we will cheerfully admit that we break the law and that we will continue to do so.

randomrb

Mrs OBumble wrote: »

What makes you think they will observe it?

An organisation i am involved in has decided to breach GDPR - because our leaders believe that child safety is more important than individual privacy, and that child safety requires transparency. In the event we get pinged on it, we will cheerfully admit that we break the law and that we will continue to do so.

One of the main strands of GDPR is to improve transparency of information held. In what way are you breaching to improve transparency?

Fred Swanson

This post has been deleted.

gizmo555

Fred Swanson wrote: »

This post has been deleted.

This is a key change in the GDPR in this jurisdiction. To my mind, it is even more noteworthy than the increased scale of penalties. Most fines, you'd have to assume, won't come near the maximum. But it's the sheer range of infringements which will be subject to financial penalties that is most significant.

There are many things which are unlawful under the Data Protection Acts, but aren't offences. And, for example, there is effectively no current sanction on Nama for failing to respond to this request in a timely and complete manner. In principle, the O'Flynn brothers could sue for damages, if they could prove they suffered harm or loss as a result. The Data Protection Commissioner could also serve Nama with an Enforcement Notice, which it would be an offence to fail to comply with. But otherwise, Nama won't be penalised.

However, after the GDPR is in effect, this and very many other infringements which are not directly subject to financial penalties at present, will be.

Mrs OBumble

randomrb wrote: »

One of the main strands of GDPR is to improve transparency of information held. In what way are you breaching to improve transparency?

Children, youth and adults will all continue to sign themselves in to events using the one sign-in book. They can all see everyone else's sign in records, for events they are and are not attending. This book will be retained by the organisation forever, and individual records will not be removed from it even if a person requests it.

Maling attendance records private and updateable would destroy ten plus years of child protection improvements.

Fred Swanson

This post has been deleted.

Mrs OBumble

Fred Swanson wrote: »

There may be trouble ahead.

There has been significant trouble in the past.

Anyone who challenges these procedures is likely to be seen as wanting to abuse children and get away with it by hiding their behaviour.

Fred Swanson

This post has been deleted.

Mrs OBumble

Fred Swanson wrote: »

This post has been deleted.

I don't think so.

The policies and procedures, and the reasons for them, are well documented, and proportionate to the risks involved. Explanation about them is available to everyone who signs in or out. In our branch, the policy booklet lives right because the sign-in book, and everyone is free (and encouraged) to read it at any time.

One of the major issues with investigating historic claims of sexual abuse has been the lack of hard data about who was or was not present at certain days and times.. That's what the record keeping addresses. If Johnny-Kiddy-Fiddler can work his mischief and then have himself removed from the records and be able to claim "But I wasn't even there that day" it would put things right back where they were, with children suffering.

Secret record-keeping, which does not actively involve the people about whom the records are kept and which is managed only by leader/staff, is also a known risk. There's no cross-check that it's being done consistently and correctly, or transparency about what's going on. It encourages keeping secrets in other areas - when our first rule for working with young people is "no secrets".

There's probably a case for revising the retention period - attendance registers can probably be destroyed after the death of the last person in them. But until then there's always the risk that a claim of abuse will be made, and need to be investigated.

Robbo

Mrs OBumble wrote: »

I don't think so.

The policies and procedures, and the reasons for them, are well documented, and proportionate to the risks involved. Explanation about them is available to everyone who signs in or out. In our branch, the policy booklet lives right because the sign-in book, and everyone is free (and encouraged) to read it at any time.

One of the major issues with investigating historic claims of sexual abuse has been the lack of hard data about who was or was not present at certain days and times.. That's what the record keeping addresses. If Johnny-Kiddy-Fiddler can work his mischief and then have himself removed from the records and be able to claim "But I wasn't even there that day" it would put things right back where they were, with children suffering.

Secret record-keeping, which does not actively involve the people about whom the records are kept and which is managed only by leader/staff, is also a known risk. There's no cross-check that it's being done consistently and correctly, or transparency about what's going on. It encourages keeping secrets in other areas - when our first rule for working with young people is "no secrets".

There's probably a case for revising the retention period - attendance registers can probably be destroyed after the death of the last person in them. But until then there's always the risk that a claim of abuse will be made, and need to be investigated.

For the love of all that is sane, seek some professional legal advice on this. I don't know who's proposing this but their advice is problematic on several levels and they clearly aren't qualified. Whoever's proposing this is out of their depth and is going to land the organisation in a monstrous amount of trouble because they thought they could Google their way along.

Child protection can be achieved in less Stasi-esque manners if some intellect is applied to the issue. There are many practitioners who specialise in this particular area and if it's a voluntary or charitable organsation, pro bono advice is often available.