Yesterday’s Sunday Times has details of an investigation by the Data Protection Commissioner into leaking of social welfare details to the insurance industry. The text isn’t available online but an excerpt follows:
Welfare Records Leaked to Insurers
Civil servants in the Department of Social and Family Affairs “routinely” leak welfare and employment records to private investigators employed by the insurance industry, an inquiry has concluded.
An audit of one insurance company discovered that it had access to private data that could only have come from confidential social welfare records. An examination of the records of a second insurer reached the same conclusion.
The data protection commissioner, who carried out the investigation, now believes that the practice of obtaining such information has been and continues to be “systematic” across the industry…
The department said that it has taken strong disciplinary action against any staff who misuse customer information, but refuses to say how many employees have been sanctioned to date.
Two years ago the Sunday Times revealed that at least 72 civil servants accessed the social welfare details of Dolores McNamara, the EuroMillions lottery winner. The department’s system logged over 125 hits on McNamara’s files after she scooped a €115m jackpot. Her social welfare details were subsequently published by a newspaper.
The department refuses to say what sanctions, if any, were taken against those found to have snooped into McNamara’s records…
The inquiry by the data protection commissioner is part of a larger probe into the insurance industry, prompted by newspaper reports and direct complaints to its office alleging private data was being leaked to insurance investigators.
This is just one part of a wider problem of staff in public bodies leaking or selling private information. Recent examples include:
Gardaí leaking details of an assault on Michael McDowell’s son;
Gardaí providing case files to the insurance industry;
Social welfare leaks about Dolores McNamara; and
Garda leaks forcing a family to move home
That last case is particularly interesting. Quite apart from the harm caused to the family, the illegal leaks in that case cost the Irish taxpayer €70,000 in damages and at least that amount again in legal fees. Consequently, one might hope that the financial consequences, if nothing else, will concentrate official minds on securing access to private information.
It’s also important to remember the wider problem revealed by those cases. The government has adopted a policy of matching up various databases using the individual’s PPS number as a unique identifier. This applies to areas as disparate as schools, healthcare, taxation and local authorities. This creates new risks of abuse by allowing public officials easily to access information from other public databases, and potentially allowing an individual to be tracked “from cradle to grave”.