Monday, August 28, 2017

Policing personal data

The Irish Times on Saturday carried an interesting report on the need for a debate over the Public Services Card (PSC).

It's the card familiar to people who receive monies from the State in the form of unemployment benefit, pay related benefits, dole, the free travel card, etc.

It is not required by law to have the card and the Garda is specifically precluded from requesting an individual to produce a PSC as proof of identity.

But a spokesperson for the Data Protection Commissioner has admitted that the means of communicating what data was being collected, for what purpose and with whom it may be shared needed to be addressed adequately.

If there is a concern about how the State compiles and stores data on its citizens what is the situation with organisations, churches, instutions in how they manage information on their members?

What legal rights has any organisation to store data on another person?

What's the law concerning dioceses and religious congregations keeping files on their members?

Who has access to these files? What rights have the members to know how the files are being managed? Are there any sanctions on the mismanagement of these files? What happens if an individual is refused access to her/his file or there be an inordinate length of time between request and delivery?

Are the files properly maintained and what levels of security surround files on individual members?

Are there State rules and regulations concerning these issues? Is there a regulatory body policing the custodians of such files?

It is a worrying and grave issue that requires immediate State regulation and policing. 

7 comments:

Marie said...

"It is a worrying and grave issue that requires immediate State regulation and policing. "

Are you having a laugh? Are you really totally unaware of the Data Protection Act and its various amendments, and the Data Protection Commissioner? I could understand if you are not yet familiar with the General Data Protection Regulation changes coming in 2018, but to not know about the existing laws (which apply to the church as much as they do to every golf club in the country) shows a woeful lack of civic awareness. And actually a lack of professional competence for someone working as a hospital chaplain and therefore likely to be handling at least some personal information.

Michael Commane said...

Marie,
The reason why this/that post appears is because of the concerns that I have about how files are managed in organisations within the Catholic Church.

Michael Commane said...

This from the Data Protection Act 1988.
What does one do when one knows this law has been broken?

4.—(1) (a) Subject to the provisions of this Act, an individual shall, if he so requests a data controller in writing—

(i) be informed by the data controller whether the data kept by him include personal data relating to the individual, and

(ii) be supplied by the data controller with a copy of the information constituting any such data,

as soon as may be and in any event not more than 40 days after compliance by the individual with the provisions of this section; and, where any of the information is expressed in terms that are not intelligible to the average person without explanation, the information shall be accompanied by an explanation of those terms.

Michael Commane said...
This comment has been removed by the author.
Michael Commane said...

What does one do when one knows the law is being broken?

Anonymous said...

I deal with this daily. Organisations are obliged, if requested in writing, to give over copies of records/ data they have on people (provided the person is looking for their own data).

Michael Commane said...

Goes without saying their own data. Have you had dealings with religious congregations and if so what has been your experience?

Featured Post

Shame has switched sides

Below is the editorial in The Irish Times yesterday. A journalist on Channel 4 last evening asked the question was this a specific French pr...