Yesterday’s Sunday Times has details of an investigation by the Data Protection Commissioner into leaking of social welfare details to the insurance industry. The text isn’t available online but an excerpt follows:
Welfare Records Leaked to Insurers
Colin CoyleCivil servants in the Department of Social and Family Affairs “routinely” leak welfare and employment records to private investigators employed by the insurance industry, an inquiry has concluded.
An audit of one insurance company discovered that it had access to private data that could only have come from confidential social welfare records. An examination of the records of a second insurer reached the same conclusion.
The data protection commissioner, who carried out the investigation, now believes that the practice of obtaining such information has been and continues to be “systematic” across the industry…
The department said that it has taken strong disciplinary action against any staff who misuse customer information, but refuses to say how many employees have been sanctioned to date.
Two years ago the Sunday Times revealed that at least 72 civil servants accessed the social welfare details of Dolores McNamara, the EuroMillions lottery winner. The department’s system logged over 125 hits on McNamara’s files after she scooped a €115m jackpot. Her social welfare details were subsequently published by a newspaper.
The department refuses to say what sanctions, if any, were taken against those found to have snooped into McNamara’s records…
The inquiry by the data protection commissioner is part of a larger probe into the insurance industry, prompted by newspaper reports and direct complaints to its office alleging private data was being leaked to insurance investigators.
This is just one part of a wider problem of staff in public bodies leaking or selling private information. Recent examples include:
Gardaí leaking details of an assault on Michael McDowell’s son;
Gardaí providing case files to the insurance industry;
Social welfare leaks about Dolores McNamara; and
Garda leaks forcing a family to move home
That last case is particularly interesting. Quite apart from the harm caused to the family, the illegal leaks in that case cost the Irish taxpayer €70,000 in damages and at least that amount again in legal fees. Consequently, one might hope that the financial consequences, if nothing else, will concentrate official minds on securing access to private information.
It’s also important to remember the wider problem revealed by those cases. The government has adopted a policy of matching up various databases using the individual’s PPS number as a unique identifier. This applies to areas as disparate as schools, healthcare, taxation and local authorities. This creates new risks of abuse by allowing public officials easily to access information from other public databases, and potentially allowing an individual to be tracked “from cradle to grave”.
Colin Coyle has very kindly provided the full text of the story:
Home news
Welfare records leaked to insurers
Colin Coyle
820 words
15 July 2007
The Sunday Times
Eire News 1
English
(c) 2007 Times Newspapers Limited. All rights reserved
CIVIL servants in the Department of Social and Family Affairs “routinely” leak welfare and employment records to private investigators employed by the insurance industry, an inquiry has concluded.
An audit of one insurance company discovered that it had access to private data that could only have come from confidential social welfare records. An examination of the records of a second insurer reached the same conclusion.
The data protection commissioner, who carried out the investigation, now believes the practice of obtaining such information has been and continues to be “systematic” across the industry.
The Department of Social and Family Affairs said yesterday that the data protection commissioner’s conclusions are being investigated as a matter of urgency. “We are currently planning a fundamental redevelopment of our customer systems to incorporate further security and logging facilities,” it said.
The revelations, however, indicate that a small number of civil servants are selling private records to claims investigators working on behalf of the insurance industry.
Insurance companies benefit greatly from access to an individual’s private files, since these can allow them to disprove claims for compensation based on disability or long-term absence from work. The social welfare files would also reveal if someone had ever been involved in benefit fraud while also providing an overall picture of their financial situation.
Willie Penrose, a Labour spokesman, said the findings are a grave concern. “I will be demanding that the minister (Martin Cullen) moves urgently to close up any deficiencies in the current system,” he said.
The department admits that most of its 4,000 employees can access anyone’s social welfare and employment history, but argues that this is essential to their work.
It explained that the department’s computer system logs a digital “footprint” each time a member of staff accesses someone’s record, and said that the database is password-protected.
“Our systems and accounts are protected in line with industry norms,” it said.
The department said it has taken strong disciplinary action against any staff who misuse customer information, but refuses to say how many employees have been sanctioned to date.
Two years ago The Sunday Times revealed that at least 72 civil servants accessed the social welfare details of Dolores McNamara, the EuroMillions lottery winner. The department’s system logged over 125 hits on McNamara’s files after she scooped a E115m jackpot. Her social welfare details were subsequently published by a newspaper.
The department refuses to say what sanctions, if any, were taken against those found to have snooped into McNamara’s records. It promised at the time to carry out “a detailed review of the access employees have to systems and data”.
Gary Davis, an assistant data protection commissioner, said: “The practice (of passing welfare records to private investigators) seems to have still occurred up to recent times. We would expect that our findings are being taken seriously by the department and we understand that new access controls to records will be put in place. We intend to monitor the situation closely.”
TJ McIntyre, a barrister and chairman of Digital Rights Ireland, said it was deeply worrying that lessons hadn’t been learnt from the McNamara case two years ago. “There will always be a small minority who will misuse sensitive data, especially potentially valuable information such as social welfare records,” he said.
“The department should have an audit trail, where it can identify those who are accessing records that are not essential to their work, and take appropriate action when it uncovers an abuse of data protection legislation.”
McIntyre said the abuse of citizens’ private records at the Department of Social and Family Affairs could occur within other state bodies if necessary safeguards weren’t in place.
“If it can happen in social welfare, the worry is that revenue records, health records or garda files could also be open to abuse,” he said.
The inquiry by the data protection commissioner is part of a larger probe into the insurance industry, prompted by newspaper reports and direct complaints to its office alleging private data was being leaked to insurance investigators.
The office of the commissioner is currently drawing up a code of practice with the Irish Insurance Federation (IIF) that will include regulation of the use of private investigators.
Michael Horan of the IIF said private investigators are hired to compile information on claimants and defended the practice. He said: “When there is reason to believe that a claim is fraudulent or exaggerated, it is routine to use a private investigator, but we have communicated to our members that any intermediaries working on behalf of the industry must also comply with data protection legislation.”
The IIF said it was not in a position to censure members that failed to comply with existing legislation. “That would be a matter for the gardai,” said Horan.
(C) Times Newspapers Ltd, 2007
in the US people have been facing the problem of their Social Security Number being used by agencies (banks, insurance, driving records, dental and medical and almost any sort of account) other than those it was intended (taxation and social welfare).
I’ve always been comforted that Ireland wasn’t the same way but it looks like I am very wrong.
Is Ireland SSS policy the same with US SSS policy? My friend is asking me if it is the same, his on Ireland right now and he is having problem getting SSS.