data protection

  • A special investigation of data protection practices at 20 hospitals across the State has identified a catalogue of concerns - including sensitive patient records being left exposed in wards, and a lack of privacy when staff are speaking to patients.

    The investigation was carried out by the Office of the Data Protection Commissioner at hospitals across the country – including University Hospital Galway and Sligo University Hospital.

    It found evidence that computer terminals were being left unattended for long periods, leaving patient data visible, and that sensitive records were not being disposed of securely.

    Hospitals are being urged to use this report as a tool to enable them to spot the significant data processing security risks that may feature at their facilities on a daily basis.

    The investigation was carried out last year and examined practices in 20 HSE facilities, voluntary hospitals and private facilities – although the report does not outline specific issues at individual hospitals.

    The report sets out 76 recommendations aimed at mitigating the risks identified.

  • The Public Services Card has been found to be breaking data-protection laws.

    The State has now been told it must delete data held on over 3 million citizens that it gathered as part of the card's roll out.

    The Data Protection Commissioner carried out an investigation into the card and found there was no legal reason to make people obtain the card in order to access State services such as renewing a driving licence or applying for a college grant.

    The card is issued by the Department of Social Protection.

    It's most commonly used by people to access social-welfare payments.

    The commissioner says it has no issue with the Department processing personal data on the card so that it can be used to claim social welfare - but it does object strongly to the information being shared with other state agencies.

    The Commissioner has given the Department 21 days to stop breaching data protection rules.

    The department will no longer be able to insist a person has the card to access other public services.