The Data Protection Commissioner, Helen Dixon, spoke at the Society for Computers and Law’s ‘The Evolution and Reform of Data Protection’ event this morning. The Commissioner gave an overview of the activities of the Office of the Data Protection Commissioner (ODPC) in 2014 and set out the aims of the ODPC for the year ahead.
Review of ODPC’s activities in 2014
‘Social Licence Deficit": The Commissioner noted that in 2014 public bodies began to experience "Social Licence Deficit". This arises where a public body is compliant with its data protection obligations but it experiences a lack of "buy in" or trust from the public whose data they are processing. The ODPC intends to start engaging more with public bodies on this issue to factor this Social Licence into their data protection decision making processes.
Enforcement: The Commissioner noted that the ODPC’s investigation into private investigators in 2014 not only impacted practices in the private investigator industry but also on the practices of the Credit Union sector and of a number of public bodies. The ODPC also successfully prosecuted the directors of MCK Investigations under section 29 of the Data Protection Acts. This Section provides for the prosecution of company directors where an offence by a company is proved to have been committed with the consent or connivance of, or to be attributable to any neglect on the part of the company directors or other officers. This was the first occasion on which company directors have been prosecuted by the ODPC for their part in the commission of data protection offences by their company and following this prosecution, there has been a marked increase in queries around ensuring directors’ compliance with the Data Protection Acts.
The Commissioner’s review of 2014 concluded with an overview of some statistics on the ODPC’s 2014 activities:
- Complaints – There were circa 1000 complaint cases in 2014 received by the ODPC, half of those were data subject access requests. They have noted that a large amount of those requests involved data controllers not complying within the statutory time frame and the ODPC intends to run an information campaign to educate Data Controllers on this.
- Direct Marketing – prosecutions were secured against 5 Telecoms.
- Audits – the ODPC conducted a total of 39 audits in 2014, 9 on public bodies and 30 on private entities (including accountancy firms, credit unions and health and beauty industry companies).
- Self-Notifications – there were 2,200 such notifications of breaches of the Data Protection Acts made to the ODPC last year.
Plans for 2015
2015 will see significant changes within the ODPC as it undergoes its most significant expansion to date. In 2015 it intends to:
- recruit 18 new staff members, primarily solicitors and IT investigators and particularly in the Audit and Special Investigations functions. A Communications Officer is being sought to assist the ODPC to liaise with the media along with a new Dublin office to give the ODPC a city centre presence;
- carry out a major internal re-engineering of its case management system in order to make the system more efficient; and
- engage more extensively with the Article 29 Working Party throughout the year on a number of key pan European data protection issues.