Employers spying on staff part of 900 data watchdog complaints

The data watchdog launched investigations into more than 900 complaints last year including CCTV being used to spy on hospital and supermarket staff.
People trying to find out what information state agencies and companies held about them made up more than half of the work.

[featured-img]

The Data Protection Commission said surveillance cameras at work, direct text message marketing, email issues, banks not keeping personal details up-to-date and a lack of response to concerns most occupied the public last year.
A breakdown of the complaints revealed 578 were to do with people trying to access information held by companies and government bodies about themselves.
Another 104 were related to direct marketing, 16 related to the use of CCTV and two were about the use of biometrics.
In one, a supermarket worker was sacked after putting a paper bag over a camera in a staff canteen while a colleague gave her a new hairdo.
Management had not told employees they were being recorded on their breaks, the commission was told.
The shop bosses claimed the camera had been put up to counter customer theft, waste, staff theft, bullying and harassment among staff and to maintain a clean canteen.
The commission found no security issue in the canteen that justified putting up CCTV.
In another, two foremen in Letterkenny General Hospital were found to have put up unauthorised covert surveillance in their maintenance department over security concerns.
“Covert surveillance is normally only permitted on a case-by-case basis, where the data is kept for the purpose of preventing, detecting or investigating offences, or apprehending or prosecuting offenders,” the commission said.
“Clearly, any decision by a data controller to install covert cameras should be taken as a last resort after the full exhaustion of all other available investigative steps.”
The Data Protection Commission said 23 complaints related to people’s right to be forgotten on the internet.
The commission said 94% were resolved amicably and it highlighted a number of cases it investigated.
In another, the Department of Social Protection was criticised after it emailed a woman’s confidential illness-benefit statement to her employer.
It included her name, address, PPS number, date of birth, bank details and number of children.
The department apologised to the woman and said the member of staff who sent it out was new to the job and the woman should have been told her employer was trying to access the information.
The commission said employers need to make sure staff are fully trained and closely supervised, particularly when processing personal data.
“Errors by staff present a high risk of data breaches on an ongoing basis and it is critically important that efforts are made to mitigate against those risks by driving data protection awareness throughout the organisation, with particular focus on new or re-assigned staff,” it said.
The watchdog said it was notified of 2,376 data security breaches in 2015, up by more than 100 on the previous year.
Commissioner Helen Dixon said there had been seminal judgments by the European Court of Justice last year.
The most high profile involved the campaign by Austrian lawyer Max Schrems, who challenged the right of Facebook to transfer data of millions of users to the US.
It led to the court declaring the Safe Harbour agreement, which allowed for that, invalid.
Ms Dixon’s office is still investigating Mr Schrems’ complaint to reveal how much of his personal information ended up in the US.
She said EU rules allow for extensive protection of personal data.
“Likewise, agreement on a new legal framework for data protection in Europe will clearly lay out new rights for individuals, increased obligations for organisations handling personal data and an increasing focus on enforcement for data protection authorities,” she said.
“These developments, coupled with rapid technological change, undoubtedly present challenges, but the office will continue to meet these head-on through careful planning and appropriate resourcing.”