The Central Statistics Office (CSO) has hit headline news this week by admitting to a major data breach which involved details of over 3,000 staff. The Irish Independent first broke the news after a woman contacted the newspaper to report an incident, claiming that the CSO had sent her P45 to someone else in error.
A statement from the Central Statistics Office confirms that “…between November 10 and 14, 2017, as a result of an administrative error, personal P45 information relating to 3,000 former employees was disclosed via email to four individuals, in breach of the Data Protection Acts…. The CSO immediately notified the Office of the Data Protection Commissioner (ODPC) of the breach and the individuals affected have been informed by letter.” Source: The Independent.ie.
It doesn’t stop there… Step forward Bank of Ireland. On November 24th, The Irish Times reported that Bank of Ireland staff pay details were mistakenly circulated internally. The bank confirms that pay and benefits information of 110 employees was mistakenly sent to ten senior managers. Bank of Ireland made a notification to the Data Protection Commissioner after the accidental release of the sensitive staff information, some of which was searchable by people outside the organisation.
Other recent and interesting cases include one in which information relating to 550 AIB customers was found in a bag and handed in to a local business in Spidéal, Galway! Another case, an infringement on a major scale, involved the well-known driver-on-demand company Uber. Information pertaining to 57 million users and drivers worldwide was stolen in 2016. The numbers in this case are staggering, but the most notable aspect was Uber’s mishandling of the incident, which has resulted in lawsuits being filed against the company. What is your view: are data breach incidents on the rise, or are we simply becoming more aware of them?
But on a positive note, Europe is experiencing a turning point when it comes to the regulation of personal data. The EU’s General Data Protection Regulation (GDPR) comes into force on the 25th of May 2018, and this will result in stricter privacy laws for companies. If you would like to find out more about the GDPR and what it means for you, the Data Protection Commissioner has released a useful guide for individuals and organisations, GDPR and You.
What is an employee data breach?
An employee data breach is an incident that results in any unauthorised access to data; this includes, but is not limited to, cyber-attacks and lost or stolen information. Last year, a survey conducted by the Irish Computer Society (ICS) revealed that almost 61% of organisations experienced some form of data breach; more than 50% of the incidents were caused by staff misplacing records. If an organisation’s response to a data breach is handled incorrectly, employees could file a class action lawsuit!
What to do if you think that your personal data may have been compromised?
Firstly, it is advisable to contact the Data Protection Commissioner; contact details can be found on www.dataprotection.ie. Include any evidence or supporting communication between you and the organisation. If the complaint is valid, you may be entitled to compensation; in that case, it is best to seek legal advice.
If you believe that your data rights have been ignored, get in touch with our experienced and friendly team today!
YOUR PERSONAL DATA IS VALUABLE…AND IT’S YOURS! WE’LL HELP YOU MAKE SENSE OF DATA PROTECTION LAW.
Visit us at www.GibsonAndAssociates.ie
Call Gibson & Associates: 1890 989 289