Cyber Risk & Data Privacy

Subscribe to Cyber Risk & Data Privacy via RSS

The Circuit Court has dismissed Mr Shatter’s appeal against the Data Protection Commissioner’s (the DPC) decision that he breached the Data Protection Acts 1988 and 2003 (the DPAs), by disclosing Mr Wallace’s personal information on RTE’s Prime Time. 

The Court found that Mr Shatter, in his personal capacity, did not have standing to bring the appeal, and furthermore that it had not been shown that the DPC’s decision was vitiated by any serious or significant error or series of errors.Continue Reading Circuit Court dismisses Shatter’s appeal against Data Protection Commissioner

The Private Security Authority (PSA) has published a public consultation document which proposes regulating the Private Investigator Sector. The consultation follows the recent prosecutions of private investigators by the Data Protection Commissioner (DPC), for illegally obtaining people’s personal information (see my previous blog here).Continue Reading Consultation launched on regulation of private investigators

In recent years there has been an explosion of mobile applications (apps), with 1,600 new apps reportedly being added to app stores daily. Along with the increasing popularity of apps, there has been an increase in privacy concerns amongst Data Protection Authorities (DPAs) and consumers.Continue Reading Global DPAs urge app marketplaces to make links to privacy policies mandatory

There has been much debate during 2014 about the effectiveness of the US Safe Harbour regime. Many EU commentators have queried its effectiveness, pointing in particular to the lack of enforcement over the years by the Federal Trade Commission (FTC), the body which effectively is charged with dealing with complaints that companies are not in compliance with their public representations of adherence to the Safe Harbour principles.
Continue Reading SnapChat Signs Up to 20 Years of Data Protection Audits

On 11 December 2014, the Court of Justice of the European Union (CJEU) ruled that domestic use of CCTV surveillance should be strictly limited, and that the exemption in article 3(2) of the Data Protection Directive 95/46/EC for "personal or household activity" does not permit the use of domestic CCTV that also records any public space.Continue Reading CJEU restricts use of CCTV surveillance for domestic purposes

On November 23rd, Symantec, the American antivirus company, announced the discovery of a piece of software called Regin, which it had found lurking on computers and stealing data in Ireland, Russia, Saudi Arabia and several other countries. Its sophistication and stealth led Symantec to conclude that it must have been created by a nation-state.

The Regin software appears to have been lurking on some computer systems from as long ago as 2008 and Symantec said it was unusually low-key, meaning it could be used on a target for several years before being noticed. Symantec have described the purpose of Regin

Continue Reading Regin – State Sponsored Hacking

 A Ministerial Order (S.I. 541/2014) has been passed commencing Part 3 of the Criminal Justice (Mutual Assistance) Act 2008 (the Act), from 1 December, 2014. The Act provides for various forms of mutual legal assistance to foreign law enforcement authorities. 

 Part 3 concerns requests for mutual assistance between Ireland and other Member States of the EU for interception of telecommunications messages for the purposes of criminal investigations. It gives effect to Article 17 to 22 of the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union, 2000.Continue Reading Interception of Telecommunications Messages

A woman, who claimed a pharmacy allowed her husband to watch CCTV footage of her buying a pregnancy test kit, has allegedly settled a Circuit Court damages claim against the pharmacy for €10,000. The action claimed a breach of section 7 of the Data Protection Acts 1988 and 2003 for breach of duty of care, in allowing the footage to be shown to her husband.

She told the court that she had bought the pregnancy test for a friend, but her husband found the receipt in their home and went to the pharmacy with it. When he arrived at the

Continue Reading Woman Sues Pharmacy for Data Protection Breach

The Data Protection Commissioner has been notified of a data breach which has occurred at Trinity College Dublin.

The university’s Law School confirmed that personal data of law students who are participating in the Erasmus programme was inadvertently uploaded to a shared folder which was accessible by all second year law students. While it was intended that a list of students currently participating in the exchange programme would be uploaded in order to facilitate conversation between those students and students who were considering spending an academic year on exchange, the inclusion of the personal data which was attached to the list was overlooked.

The personal

Continue Reading Data Protection Commissioner notified of TCD Data Breach

According to a survey recently published by Microsoft, a large proportion of Irish people think that online privacy is important and that people should not need to give up privacy and freedom for safety from crime and terrorism.

The survey published by Microsoft, and carried out by Amárach Consulting, focused on Irish peoples’ attitudes toward online and digital data privacy and security. Microsoft commissioned the survey as part of its on-going legal challenge to a US warrant which compels Microsoft to produce data held in a Microsoft data centre in Dublin. Continue Reading How important is online privacy?