Watch­dog’s in­quiry into INM widens to in­clude po­ten­tial ‘data breach’

ODCE in­ves­ti­ga­tion has moved be­yond Pitt’s orig­i­nal whistle­blower com­plaint INM dogged by cor­po­rate gover­nance is­sues since board­room dis­pute

The Irish Times - Business - - FRONT PAGE - MARK PAUL and COLM KEENA

The cor­po­rate watch­dog has widened its gover­nance in­ves­ti­ga­tion of In­de­pen­dent News & Me­dia to in­clude its han­dling of a po­ten­tial data breach in­volv­ing per­sonal in­for­ma­tion at the news­pa­per pub­lish­ing group.

The Of­fice of the Di­rec­tor of Cor­po­rate En­force­ment (ODCE) is in­ves­ti­gat­ing INM af­ter a whistle­blower com­plaint by the com­pany’s for­mer chief ex­ec­u­tive Robert Pitt. Dur­ing the course of this in­quiry the ODCE be­came aware of the po­ten­tial breach.

An email that orig­i­nated out­side the com­pany, and said there has been a ma­jor data breach at the com­pany, has also been cir­cu­lated re­cently to sev­eral se­nior jour­nal­ists at the pub­lisher, who no­ti­fied man­age­ment.

INM con­firmed to The Ir­ish Times that there was “a po­ten­tial per­sonal data breach” and that it re­cently hired the con­sul­tancy Deloitte to look into the mat­ter. It is un­der­stood that a sub­com­mit­tee of the board of di­rec­tors was also es­tab­lished to ex­am­ine the breach.

Code of prac­tice

“INM can con­firm that it did no­tify the Of­fice of the Data Pro­tec­tion Com­mis­sioner of a po­ten­tial per­sonal data breach in Au­gust 2017,” the com­pany said. But the com­pany added that the com­mis­sioner’s of­fice told it the mat­ter “did not con­sti­tute a per­sonal data breach un­der the terms of their vol­un­tary code of prac­tice and was, there­fore, recorded as a non-breach on their files”.

INM said Deloitte’s man­date from INM’s board was “ter­mi­nated when it was es­tab­lished that no breach had oc­curred”. It is un­der­stood, how­ever, that, de­spite the data-pro­tec­tion com­mis­sioner’s clear­ance, the scope of the ODCE in­quiry now in­cludes the na­ture of the po­ten­tial breach and the or­gan­i­sa­tion’s han­dling of it. The ODCE in­ves­ti­ga­tion has there­fore moved be­yond Mr Pitt’s orig­i­nal whistle­blower com­plaint, which was over a board­room row about an aborted bid for Newstalk, the ra­dio sta­tion owned by INM’s big­gest share­holder, De­nis O’Brien. INM’s state­ment in re­sponse to queries from The Ir­ish Times did not men­tion the widen­ing of the ODCE’s in­quiry. When asked to spec­ify when the “po­ten­tial breach” oc­curred, it de­clined to com­ment fur­ther.

ODCE in­ves­ti­ga­tion

In a trad­ing state­ment last week INM is­sued a profit warn­ing that it partly blamed on mount­ing le­gal costs for the ODCE in­ves­ti­ga­tion, which it said were on­go­ing and “sig­nif­i­cantly higher than pre­vi­ously es­ti­mated”.

When asked to com­ment, the Of­fice of the Data Pro­tec­tion Com­mis­sioner con­firmed it re­ceived a no­ti­fi­ca­tion in Au­gust and that the mat­ter was not recorded as a breach of per­sonal data. The of­fice would not com­ment when asked if the ODCE had been in con­tact.

When the ODCE was asked if its in­quiry into INM now in­cludes in­ves­ti­gat­ing the sus­pected data breach, a spokesman said it does not com­ment on in­di­vid­ual cases.

“We don’t com­ment at all, and we are pre­cluded from do­ing so un­der the con­fi­den­tial­ity pro­vi­sions that we op­er­ate un­der.”

Deloitte made no com­ment on its in­volve­ment.

INM has been dogged by a se­ries of cor­po­rate-gover­nance is­sues since it was re­vealed a year ago that Mr Pitt had fallen out with Les­lie Buck­ley, the chair­man and a rep­re­sen­ta­tive of Mr O’Brien. The two men had a dis­pute about how much INM should bid for Newstalk.

INM is­sued a profit warn­ing that it partly blamed on mount­ing le­gal costs

Newspapers in English

Newspapers from Ireland

© PressReader. All rights reserved.