The Data Protection Commissioner, Helen Dixon, has launched the 2017 Annual Report of the DPC. This report shows how Irish businesses, consumers – and indeed the Commissioner – are responding to the issues in this sector. Here are three of the most important insights from the document.
Insights from the Data Protection Commissioner Annual Report
The volume of complaints to the Office of the Data Protection Commissioner continues to grow. Data subjects made 2,642 complaints in 2017, a 79% increase on 2016’s figure of 1,479. The Data Protection Commissioner also concluded 2,594 complaints that year, up from 1,438 in 2016.
Irish organisations probably aren’t 79% worse at handling data than they were a year ago. Therefore, this shows substantial growth in data subjects’ awareness of their rights – and willingness to take action.
Access and Breaches
It’s also illuminating to look at the sources of complaints to the Data Protection Commissioner. For example, the largest single category of complaint – access rights – accounted for 52% of total complaints. The right of a subject to access his or her personal data is hardly new. The fact that it still causes so much contention and Data Protection Commissioner complaints suggests two things. Irish organisations are still struggling to facilitate access requests in a timely fashion, and/or data subjects are becoming more assertive of their access rights.
Separately, the Data Protection Commissioner recorded 2,795 valid security breaches. This is a 26% increase on last year’s figure. Again, assuming that competence levels haven’t dramatically fallen, this indicates that ordinary people are more aware and inclined to report breaches. It may even suggest that organisations themselves are more up-front and inclined to notify the Commissioner about a breach. This can only be a good thing for the security of citizens.
Even as the caseload increases for the Data Protection Commissioner, the regulator has found time to do some pro-active, focused investigations. The Commissioner’s Special Investigations Unit continued to work on the private investigator sector, resulting in several prosecutions during 2017. It also commenced investigations in the hospital sector, Tusla, and on the Public Services Card.
It’s clear that the Data Protection Commissioner will not always wait for an individual complaint to look at how an organisation is handling personal data. This is especially true where organisations are handling sensitive information, or working in industries where shoddy practice is common. If your organisation is in a high-risk sector, or competing with cowboys, you need to be extra-vigilant about your own practice.
Find out More
Read the Data Protection Commissioner’s Report.
See how to process access requests – and possibly prevent a complaint.