Tusla failures among 6,600 data breaches
MORE than 6,600 data security breaches were notified across the country last year, the State’s data watchdog said.
Shocking data violations by the child welfare agency Tusla were exposed in the annual report by the Data Protection Commission for the second year running.
In one incident, Tusla unintentionally provided an individual accused of child sexual abuse with the address of the child who made the complaint and with her mother’s telephone number.
The most frequent cause of all breaches was unauthorised disclosure, which accounted for 86% of cases, the DPC said.
In its 2020 annual report, the DPC found that the number of breach notifications jumped by 10% compared to 2019’s figures.
It emerged in the report that, in April 2020, the DPC issued a decision in respect of an ownvolition inquiry regarding three personal data breaches notified to the DPC by Tusla. The breaches occurred when Tusla failed to redact documents when sharing them with third parties.
As well as the aforementioned breach, another personal data breach occurred when Tusla unintentionally provided the father of two children in care with their foster carer’s address.
A third breach occurred when Tusla unintentionally provided the grandmother of a child in care with the address and contact details of the child’s foster parents and the location of the child’s school.
Launching the report, data prothe tection commissioner Helen Dixon said that it handled 10,151 cases last year, up 9% on 2019 figures.
The figures revealed the DPC received 4,660 complaints under General Data Protection Regulation (GDPR) last year.
The most frequent GDPR topics for queries and complaints continued to be access requests, fair processing, disclosure, direct marketing and right to be forgotten delisting or removal requests.
A total of 4,476 complaints against organisations from individuals were resolved last year.
The complaints raised ranged from issues with securing access to their personal data from all types of organisations, to complaints about excessive personal data collection, to unauthorised and unnecessary disclosure of personal data to third parties.
Cases concerning employment law disputes continue to be heavily represented. The DPC said a ‘phenomenon’ it continued to see last year was organisations and individuals attempting to misuse the GDPR to ‘obfuscate or pursue’ other agendas.
The DPC added that had it increased its staff levels, while its budget rose to €16.9million in 2020 and to €19.1million this year.
GDPR used for ‘other agendas’