Cyber Risk & Data Privacy

Subscribe to Cyber Risk & Data Privacy via RSS

A woman, who claimed a pharmacy allowed her husband to watch CCTV footage of her buying a pregnancy test kit, has allegedly settled a Circuit Court damages claim against the pharmacy for €10,000. The action claimed a breach of section 7 of the Data Protection Acts 1988 and 2003 for breach of duty of care, in allowing the footage to be shown to her husband.

She told the court that she had bought the pregnancy test for a friend, but her husband found the receipt in their home and went to the pharmacy with it. When he arrived at the

Continue Reading Woman Sues Pharmacy for Data Protection Breach

The Data Protection Commissioner has been notified of a data breach which has occurred at Trinity College Dublin.

The university’s Law School confirmed that personal data of law students who are participating in the Erasmus programme was inadvertently uploaded to a shared folder which was accessible by all second year law students. While it was intended that a list of students currently participating in the exchange programme would be uploaded in order to facilitate conversation between those students and students who were considering spending an academic year on exchange, the inclusion of the personal data which was attached to the list was overlooked.

The personal

Continue Reading Data Protection Commissioner notified of TCD Data Breach

According to a survey recently published by Microsoft, a large proportion of Irish people think that online privacy is important and that people should not need to give up privacy and freedom for safety from crime and terrorism.

The survey published by Microsoft, and carried out by Amárach Consulting, focused on Irish peoples’ attitudes toward online and digital data privacy and security. Microsoft commissioned the survey as part of its on-going legal challenge to a US warrant which compels Microsoft to produce data held in a Microsoft data centre in Dublin. Continue Reading How important is online privacy?

Dublin District Court, yesterday, convicted a private investigator on two charges of unlawfully obtaining personal information from the Garda Pulse system and disclosing it to without authority.  He was fined €2,500 for each offence. 

Pursuant to section 22 of the Data Protection Acts(DPAs) 1988 and 2003, it is an offence to obtain access to personal data without the prior authority of the data controller by whom the data is kept and to disclose the data to another person.

The private investigator allegedly obtained the information from a Detective, and member of the Garda, and used the information to provide

Continue Reading Private Investigator fined €5,000 for unlawfully obtaining personal data

Great day today attending the Health Informatics Society of Ireland 2014 Annual Conference.  In our Data Protection for Healthcare workshop together with Sarah Reade, Lead ICT Project Manager, Saint John of God Hospitaller Ministries and Jim Gregg, Irish Computer Society, we had a lively discussion on the data protection challenges faced by medical practitioners in the context of research and access requests. Continue Reading Health Informatics Society of Ireland 2014 Annual Conference

A recent ruling by the Employment Appeals Tribunal (EAT) highlights, once again, the issue of improper use of e-mail and internet at work.

A Dublin firm sacked a sales representative after she went through the private email account of her line manager.  However the EAT held that, in the circumstances, the claimant’s dismissal was a disproportionate sanction and awarded her €15,000.Continue Reading EAT awards €15,000 to woman dismissed for printing her manager’s emails

Apple Pay: an Introduction

One of the most exciting elements of the Apple iPhone 6 launch in September was the announcement by Apple of the Apple Pay feature. Apple Pay is a near field communication (NFC) based mobile payment system that comes pre-installed on the iPhone 6. NFC technology involves a short-range, low power wireless link evolved from radio-frequency identification technology that can transfer small amounts of data between two devices held a few centimetres from each other. It is the same technology that is behind the ‘tap and pay’ debit cards that have been rolled out by Irish banks in the last number of years.

While Apple Pay was launched with the iPhone 6 in the US, it has not yet been rolled out in Europe with rumours predicting an Apple Pay European launch in 2015.

It is clear that Apple Pay has the potential to be a ground breaking technology that may change the way that consumers use their phones and, indeed, how consumers pay for goods and services.Continue Reading Apple Pay – Challenges and Solutions

In Atkinson v Community Gateway Association UKEAT/0457/12, the UK EAT held that accessing an employee’s emails, in the course of a disciplinary investigation into the employee’s conduct, did not amount to an unjustified interference with the employee’s private life. The employee did not have a reasonable expectation of privacy, in circumstances where he had sent emails from his work account in breach of the email policy, which he himself had drafted, and was responsible for enforcing. In addition, the emails were not marked “personal/private”.Continue Reading Tribunal rules employee did not have a reasonable expectation of privacy in regard to his work emails

Bray District Court, yesterday, fined a firm of private investigators, and its two directors, €10,500 for unlawfully obtaining personal data.  The court found that the directors had used ‘subterfuge’ to unlawfully obtain the addresses of credit union clients in arrears. The directors posed as a VEC and hospital worker to obtain the information, via telephone calls, from employees at the Department of Social Protection (seven cases), and the Health Services Authority (HSE) (sixteen cases).Continue Reading Private Investigators fined €10,500 for unlawfully obtaining personal data

The Office of the Data Protection Commissioner (ODPC) recently released the results of the second Global Privacy Sweep. Twenty-six privacy enforcement authorities, including Ireland, participated in the Sweep, which examined 1,211 apps. The theme of the Sweep, Mobile Privacy, was chosen due to many privacy enforcement authorities having identified mobile apps as a key area of focus in light of the privacy implications for customers.Continue Reading Mobile Apps – Results of Global Privacy Sweep raise privacy concerns