Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Good news everyone! The Boards.ie Subscription service is live. See here: https://subscriptions.boards.ie/

GDPR breach by Government dept

  • 15-04-2019 10:16PM
    #1
    Registered Users, Registered Users 2 Posts: 50 ✭✭


    I got an email from a Government Department last week concerning a data breach.
    Personal data - my name, address, PPSN number, telephone number and details of payments received for 2017 had been sent to a 3rd party.
    The 3rd party have been contacted and have promised to delete the information.
    Gov Dept say that I am not entitled to know who received my data.
    How do I find out who received my personal details ?


Comments

  • Registered Users, Registered Users 2, Paid Member Posts: 6,937 ✭✭✭brian_t


    janedoe007 wrote: »
    How do I find out who received my personal details ?
    They have the same right to privacy as you do.

    Two wrongs don't make a right.


  • Registered Users, Registered Users 2 Posts: 10,904 ✭✭✭✭Riskymove


    brian_t wrote: »
    They have the same right to privacy as you do.

    Not necessarily, for example GDPR doesn't apply to a company


  • Registered Users, Registered Users 2 Posts: 10,904 ✭✭✭✭Riskymove


    janedoe007 wrote: »
    Gov Dept say that I am not entitled to know who received my data.

    they are right

    this is the minimum they should include in their notification to you
    a description of the nature of the breach;
     the name and contact details of the data protection officer or other contact point;
     a description of the likely consequences of the breach; and
     a description of the measures taken or proposed to be taken by the controller to address the breach, including, where appropriate, measures to mitigate its possible adverse effects.

    IMO they should at least give some indication of who the 3rd party might be but this should be reflected in what steps they advise you take.

    In any event if you have an issue you should contact the Data Protection Commission who should also have been notified of the breach


  • Moderators, Regional Midwest Moderators Posts: 11,314 Mod ✭✭✭✭MarkR


    They can't advise who they sent it to, as that would be another breach. If you, for example, received someone's bank details in the post. Bank realises, calls you, and you shred the document. You'd hardly want the owner of the bank statement contacting you directly about it?


Advertisement