data protection

  • A special investigation of data protection practices at 20 hospitals across the State has identified a catalogue of concerns - including sensitive patient records being left exposed in wards, and a lack of privacy when staff are speaking to patients.

    The investigation was carried out by the Office of the Data Protection Commissioner at hospitals across the country – including University Hospital Galway and Sligo University Hospital.

    It found evidence that computer terminals were being left unattended for long periods, leaving patient data visible, and that sensitive records were not being disposed of securely.

    Hospitals are being urged to use this report as a tool to enable them to spot the significant data processing security risks that may feature at their facilities on a daily basis.

    The investigation was carried out last year and examined practices in 20 HSE facilities, voluntary hospitals and private facilities – although the report does not outline specific issues at individual hospitals.

    The report sets out 76 recommendations aimed at mitigating the risks identified.

  • The Data Protection Commission is examining complaints it has received in relation to Covid 19 test results being made available to employers before staff members.

    It centres on tests carried out at certain facilities.

    Individuals have expressed shock and upset at receiving their results from managers, rather than the HSE.

    The Chief Medical Officer has said the practice whereby the HSE is giving employers the Covid-19 test results of their employees is "a breach of confidentiality".

    Dr Tony Holohan told the Dáil's Covid-19 committee meeting today that "employers should not be receiving result for employees".

    Confirmation that test results were shared with employers before employees clearly shows that basic data protection rights of individuals were ignored by the HSE, says Roscommon-Galway TD Denis Naughten.

    He has given examples of staff in meat plants and nursing homes who were informed of their Covid test results by their employer.

    The Independent TD says this cannot be tolerated, and results should be provided directly to those tested as soon as they become available.


  • The Public Services Card has been found to be breaking data-protection laws.

    The State has now been told it must delete data held on over 3 million citizens that it gathered as part of the card's roll out.

    The Data Protection Commissioner carried out an investigation into the card and found there was no legal reason to make people obtain the card in order to access State services such as renewing a driving licence or applying for a college grant.

    The card is issued by the Department of Social Protection.

    It's most commonly used by people to access social-welfare payments.

    The commissioner says it has no issue with the Department processing personal data on the card so that it can be used to claim social welfare - but it does object strongly to the information being shared with other state agencies.

    The Commissioner has given the Department 21 days to stop breaching data protection rules.

    The department will no longer be able to insist a person has the card to access other public services.