Pharmacy allowed husband watch footage of wife buying pregnancy test, court hears

Irish Times, 14^th November 2014

A Co Wicklow mother, who claimed a pharmacy allowed her husband to watch CCTV footage of her buying a pregnancy test kit, has settled a €38,000 damages claim against the pharmacy for an undisclosed sum.

The woman, who cannot be named by order of the judge in the Circuit Civil Court, said her marriage had been highly dysfunctional and difficult for a number of years before the October 2010 incident. The incident, she said, worsened her relationship with her now deceased husband.

She told her barrister Martina O’Neill that she had bought the pregnancy test for a friend, but her husband found the receipt in their home and went to the pharmacy with it.

The court heard the husband was very possessive and had displayed abusive and violent behaviour towards his wife. When he arrived at the pharmacy he pretended to be very distressed and “tricked” one of the employees into showing him CCTV coverage of the actual purchase.

The husband told the pharmacy employee he had found the receipt in his teenage daughter’s bedroom and was concerned that she was sexually active. This had been why he had asked to be shown CCTV footage.

When asked by counsel for the pharmacy if her husband could have played “a low trick” on the employee, the woman said she could see him playing such a role as he would have been very good at it.

Mr English told the court the pharmacy assistant was very concerned for the wellbeing of the man’s teenage daughter and, due to his agitated state, showed him CCTV footage of a woman purchasing the test.

Circuit Court president Mr Justice Raymond Groarke was told that the father, who had identified the woman as being his daughter’s aunt, had secretly taken pictures of the CCTV footage with his mobile phone. The court heard the woman in the video was, in fact, the girl’s mother and plaintiff in the court proceedings.

The mother told the court she and her husband were not having an intimate relationship at the time and this had led to a row with her husband as he thought she had bought the test for herself.

She said her husband sent her, on her own mobile phone, a picture of her purchasing the pregnancy test. She had been scared about going home as she knew he would use it to start a row.

The woman told the judge that her husband and she had separated on and off. He had been physically and mentally abusive towards her. Gardaí­ had intervened several times after being called by the couple’s children.

The court heard the incident had not made their “traumatic marriage” any better as the husband had used the pregnancy test purchase as “a stick to beat her with” and made her life a misery.

“Every day after that he would talk about it any chance he could get. He became abusive on a daily basis,” she told the court.

She suffered acute stress and depression and had needed to obtain counselling and medication.

The woman said she had complained to the then Data Protection Commissioner, Billy Hawkes, who had found there had been a breach of the Data Protection laws.

The mother had afterwards issued the court proceedings in which she sued the pharmacy under the Data Protection Act for negligence and breach of duty in allowing the footage to be shown to the father.

Mr English told Judge Groarke that if the father had taken photographs of a computer screen, he had done so without the pharmacy’s consent and the pharmacy fully contested the mother’s claim.

Counsel said the act allowed for personal data to be given to a third party if it was required urgently to protect someone’s health. He said the father had been highly agitated and distressed.

Following a brief adjournment to allow talks between the parties, Ms O’Neill said the matter had resolved. The judge, who had earlier refused an application by Ms O’Neill for the case to be heard in camera but had made an order restraining identity of any of the parties, struck out the case

 

20% of ‘right to be forgotten’ requests concern an image

Irish Times 25^th September 2014

French start-up Forget.me, which helps consumers remove information about themselves from Google, has said almost 20 per cent of Irish requests under the “right to be forgotten ruling” concern an image.

The European Court of Justice ruled in May that individuals have the right, in certain circumstances, to ask search engines to remove links with personal information about them.

Established by online reputation agency Reputation VIP, Forget.me helps users through the process of asking Google to remove information.

Since setting up in June, the start-up has received applications requesting the removal of almost 300 links from Irish people.

Three-quarters of applications were refused by Google, as they were “deliberately placed in public”, concerned another person, or were still relevant.

Some 8.5 per cent of requests were refused as the person seeking removal of information was the author of that information and could change it themselves on social media.

Forget.me said 18 per cent of Irish requests concerned an image, and Ireland is the ninth country in the number of requests, with 294 URL removals. In comparison, the UK ranked first with 3,700 requests for URL removals.

Requests declined

Overall, Google decli- ned 59 per cent of requests submitted by Forget.me seeking the removal of information on behalf of people throughout Europe.

This is based on more than 15,000 URLs sent to Google via Forget.me, from 30 countries.

Within one week of launching on June 24th, 13,000 people had registered on Forget.me and submitted 1,106 “right to be forgotten” applications requesting the removal of a total of 5,218 links.

Invasions of privacy, defamation and insult represented just over 50 per cent of all Google content removal requests.

Helen Dixon appointed as Data Protection Commissioner

Former companies registrar and Department of Jobs official succeeds Billy Hawkes

Irish Times, 10^th September 2014

The Government has announced the appointment of Helen Dixon as the new Data Protection Commissioner.

Ms Dixon, who has previously held senior management positions in the Department of Jobs, Enterprise and Innovation, succeeds Billy Hawkes, who retired last month.

He had been in the role since 2005, serving two separate terms.

In a statement, a Government spokesman said Ms Dixon brings “a wealth of experience and expertise to her new role, both in the public and private sectors”.

She was appointed registrar with the Companies Registration Office in December 2009 having previously held senior management positions in the Department of Jobs.

She served an 11-year career in two US IT multinationals with their EMEA bases in Ireland.

The new commissioner holds an honours undergraduate degree in Applied Languages (French and German), a Masters in European Economic and Public Affairs, a postgraduate diploma in Computer Science and a Masters in Governance from Queen’s University Belfast.

She was appointed an honorary fellow of the Institute of Chartered Secretaries and Administrators in 2014.

Ms Dixon is the first woman in the role. She will take up her appointment over the coming weeks.

Minister for Data Protection Dara Murphy, who was just recently appointed to the newly created Government position, welcomed the appointment.

“The role of the office of the Data Protection Commissioner as an independent body which has responsibility for safeguarding data in Ireland is of critical importance.

“As we move at an increasingly faster pace into the digital age, it is fundamental that we ensure that our data, which is becoming an increasingly valuable asset, is afforded the optimum level of protection,” he said.

“This is a function which the Data Protection Commissioner has performed since the role was established in 1988 and will become even more significant in the years ahead.”

Mr Murphy congratulated Ms Dixon on her appointment andwished her success in her “important new role”.

The appointment comes at a challenging time for the protection of individual privacy and at a major juncture in the development of European data protection law.

Ms Dixon will be responsible for the protection of the personal data of hundreds of millions of European citizens due to the fact that several US multinationals, including Facebook, Linkedin and Apple have based their EU headquarters in Ireland.

A case in which her predecessor, Billy Hawkes, refused to investigate claims of a mass transfer of personal data to US intelligence services via Facebook has been referred by the High Court to the Court of Justice of the European Union.

A decision is not expected in the case - which has implications for an agreement between the EU and the European Union on how such transfers of personal data may legally take place - before next year.

Tough challenges ahead for new Data Protection Commissioner

Never have the issues of data protection and personal privacy had such high profile

Irish Times 18^th September 2014

What does Ireland need from its new Data Protection Commissioner?

We now know who has replaced former Commissioner Billy Hawkes, who retired from the role in August: civil servant Helen Dixon, who up until now has been registrar with the Companies Registration Office.

Prior to that, she was a principal officer in the Department of Enterprise, Trade and Innovation. She also worked for US technology company Citrix at its Europe, Middle East and Africa office in Ireland, as manager of Technical Support Services.

Pivotal point

She comes to the role at a pivotal and daunting point. Never have the issues of data protection and personal privacy had such high profile. Along with media coverage of repeated breaches of data in this country and internationally, the general public has had more than a year of leaks from the trove of documents obtained by former US government contractor and whistleblower Edward Snowden.

Those – revealing a shocking degree of large scale surreptitious digital data gathering on ordinary citizens by US and UK surveillance agencies – have rattled international relations.

In particular, the revelations have spurred the EU to push for more restrictions on access to its citizens’ data and greater national and international oversight.

On the US side, elected representatives, privacy organisations and the general public have demanded explanations and more transparency in how law enforcement agencies acquire and use personal data.

And, somewhere in the middle, with their exact involvement still a mystery, sit many multinational companies – especially in the technology and online sector – which handle teraflops of data from customers and service users around the world, every day.

Some are known to have passed data to US agencies, with many of these continuing to request they be given permission from the US government to reveal more about what they are asked for, and when and how they complied. Others state they had no idea US and UK agencies were siphoning off their users’ data.

In this tense atmosphere, the EU has signaled that it will bring in a more restrictive and clearly defined Data Protection Regulation next year. This must by transposed directly, not piecemeal as had been the case with the existing directive, which came out of legislation in a pre-internet era.

All indications are that the EU will require data misuse complaints against companies be referred to the Data Protection Commissioner in the EU state in which the company has its European headquarters.

‘No data breach’ says Irish Water, despite sending 6,329 letters to the wrong address

The Data Protection Commissioner has not said whether a breach took place.

The Journal, 10^th September 2014

IRISH WATER HAS apologized for sending more than 6,000 letters with incorrect names to customers, but says it does not believe the mistake represents a data breach.

The semi-state company had been investigating the possibility of a data breach after it emerged that letters sent to 6,329 multiple home-owners this month were wrongly addressed.

Ironically, the letters had asked customers to confirm their personal details, to allow Irish Water to update their customer database before water charges come into force next month.

Responding to an enquiry from TheJournal.ie, a spokesperson from the office of the Data Protection Commissioner did not address whether or not a data breach had taken place.

In their statement this evening, Irish Water confirmed the mistake had come to their attention last Tuesday, and that they had reported it to the Data Protection Commissioner.

In line with this process, Irish Water has sent letters to owners of multiple properties asking them to confirm the details of properties they own. Irish Water is aware that incorrect names have appeared on correspondence issued to 6,329 of these individuals. This became apparent on 4th September.

Irish Water acted immediately to resolve this issue and all of the property owners affected have been advised accordingly.

On becoming aware of the issue, Irish Water also immediately informed the Office of the Data Protection Commissioner (DPC) and our understanding is that the issuing of the letters does not constitute a breach and that the Office of the DPC are satisfied with how Irish Water have dealt with the issue.

Our customer contact centre (1890 448 448) is available to respond to any customer queries or concerns.

Irish Water has apologised for any confusion and concern that this might have caused affected customers.

Despite an enquiry by TheJournal.ie, the Office of the DPC did not clarify this evening whether or not a data breach had occurred.

A spokesperson did, however, say the DPC had “concluded its investigation.”

Irish Water notified this office on 4th September of a potential data security breach…

Irish Water notified the affected individuals of the matter and sought return of the incorrectly addressed letters.

Irish Water have informed this office of the steps being taken to prevent a repeat of this type of incident.

On this basis, this office concluded its investigation into the matter.

Credit Unions will be pursued for data protection breach

The Irish League of Credit Unions has said that it will undertake a full review into the credit unions that used private investigators that illegally obtained personal data from the Department of Social Protection. The move follows the revelations regarding the use of so called tracing agents by four credit unions in Limerick, five in the midlands, two in Dublin and one in Meath. The branches face the prospect of being required to destroy any personal data handed over by private investigators, which are currently being probed by the Data Protection Commissioner. Prosecutions, which could result in fines for the private detective firms in question, are expected to follow.  

Have you been effected by the above breaches?

Have your data protection rights been breached by a Credit Union?

We have represented clients whose information has been disclosed by Credit Unions.

Credit unions who got stolen data may now be asked to destroy it

Irish Independent 19^th August 2014 

A full review is to be undertaken into credit unions that used private investigators who illegally obtained personal data from the Department of Social Protection.

The Irish League of Credit Unions (ILCU) announced the move yesterday as the minister with responsibility for data protection said he was “deeply concerned” by revelations in this newspaper.

The credit union network has been rocked by an Irish Independent investigation into the use of so-called tracing agents. The branches at the centre of the scandal face the prospect of being told to destroy any personal data handed over by private investigators who are being probed by the Data Protection Commissioner. These credit unions include four in Limerick, five in the midlands, two in Dublin and one in Meath. Assistant Data Protection Commissioner Tony Delaney is pursuing a number of firms who used false identities and blagging tactics to illegally obtain the information from the Department of Social Protection. While the credit unions who received the stolen data insist they were not aware of the methods used by the private investigators, the ILCU last night said a review into the use of the firms will take place.

Minister for Data Protection Dara Murphy said he was "deeply concerned" at the revelations. And Fianna Fail finance spokesman Michael McGrath called for the establishment of a code of conduct for financial 
institutions enlisting the services of private investigators. "The issues raised by the Irish Independent are very grave. The Central Bank must devise a code of conduct that would apply to the use of Private Investigators by financial institutions. Such a code is of paramount importance to ensure the integrity of people's personal data is protected at all times," Mr McGrath said. Meanwhile, the Central Bank last night said it expected all credit unions to fully co-operate with the Office of the Data Protection Commissioner. "The Central Bank expects that each credit union fully complies with all legal and regulatory obligations including all data protection requirements," a spokesperson said. "The Central Bank will assess the need for correspondence with individual credit unions and/or the credit union sector in relation to specific issues arising from this matter. "The investigation by Assistant Commissioner Delaney was launched last July and established that state officials had been duped by private investigators hired by credit unions. In some instances, agents contacted welfare officials and obtained addresses and employment details through a single phone call. The agents struck up a rapport with the unsuspecting department officials who they continually contacted for personal data. They introduced themselves as fellow state officials, from departments north and south of the Border. At least 78 credit union customers had their information breached. However, it is believed reams of other data was obtained by agents who targeted other state agencies. Some credit unions paid out €50 per single address. The Irish Independent 
understands credit unions who are storing stolen data may be asked to destroy it. The Department of Social Protection has said it continuously reviews its internal controls and takes data protection responsibilities very seriously. In a statement to the Irish Independent, the ILCU confirmed that a review of the use of private investigators would take place. The umbrella body, with represents 374 credit 
unions nationwide, also said it would be seeking a meeting with the Office of the Data Protection Commissioner "to ensure best practice going forward for all credit unions using tracing agents or private investigators". "We take very seriously any allegation that a private investigator working for a credit union has obtained information on members illegally. The ILCU has written to our affiliated credit unions and reminded them of the guidelines issued by DPC in relation to best practice in this area," the organisation said. “Furthermore the ILCU's CU Learning & Development also provides training courses to support our credit unions in the areas of data protection and credit collection in the Republic of Ireland. These courses are available throughout the year. In addition we will commence a review of credit unions who may have enlisted the services of private investigators to 
pursue arrears. ‘