Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Ali Qassim
Oct. 6 — In a first, an enforcement action brought by Ireland's Office of the Data Protection Commissioner (ODPC) resulted in fines against company directors for taking part in their company's data protection offenses, the office announced Oct. 6.
The Bray District Court Oct. 6 fined private investigation company M.C.K. Rentals Ltd., doing business as M.C.K. Investigations, 7,500 euros ($9,469) for breaches of Section 22 of the Data Protection Acts 1998 and 2003, which make it unlawful to obtain access to personal data without the authority of the data controller and then disclose the data, the ODPC said in a statement.
The same court also fined the company's directors, Margaret Stuart and Wendy Martin, 1,500 euros ($1,893) each for breach of Section 29 of the acts after the court found they consented to the company's actions.
The investigation company obtained personal data from the Department of Social Protection and from the Health Service Executive, the national provider of health and personal social services, and then disclosed the data to a group of credit unions, the ODPC said.
“The investigation of these cases uncovered wholesale and widespread ‘blagging' techniques used by the offenders and this is the first completed prosecution by the Data Protection Commissioner of offenders engaged in such practices,” the ODPC said. The website of the U.K. data protection authority, the Information Commissioner's Office, defines “blagging” as an attempt by individuals to obtain information from organizations illegally using deception.
The ruling is “significant” because the ODPC “is prosecuting the directors in their personal capacity,” which it is entitled to do under Section 29 of the acts, Kate Colleary, a partner at Dublin-based Eversheds, told Bloomberg BNA Oct. 6.
The ODPC “has gone further than merely prosecuting the legal entity that committed the offences and is saying that the offences were committed with the consent or connivance of the directors who are being prosecuted personally which could result in them getting a criminal record,” she said.
“This could mean that they may be restricted from traveling to certain countries or from holding certain positions in companies/public office, or could even, though unlikely, result in a custodial sentence,” she said.
The prosecutions are also the first ones to be completed by the ODPC against private investigators for breaches of data protection law, according to the ODPC's statement. The Irish data protection authority initiated proceedings against another private investigator for the same breach of the data protection rules, but the court hasn't issued a final sentence.
The ODPC said the sentence sends a “strong message to private investigators and tracing agents to comply fully with data protection legislation,” warning them that they will be prosecuted for offending behavior.
The case should also act as a warning to organizations in the credit union, banking, financial services, legal and insurance sectors who make use of private investigators and tracing agents, who need to ensure that any companies they use “have fully safeguarded all personal data against unlawful forms of data processing,” the ODPC said.
The office added that it was “particularly shocking” that the credit unions that contracted the investigators asked no questions about how M.C.K. Investigations obtained the personal data.
The ODPC said it will also investigate further into how the Department of Social Protection and the Health Service Executive will prevent breaches from taking place in the future.
A spokesman with the Courts Service of Ireland told Bloomberg BNA Oct. 6 that it doesn't publish lower court documents such as the ruling in this case.
To contact the reporter on this story: Ali Qassim in London at firstname.lastname@example.org
To contact the editor responsible for this story: Katie W. Johnson at email@example.com
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)