The following e-mail will be sent on your behalf.

<your name> has sent the following story to you from ElectricNews.net.

The story is available from http://www.electricnews.net/article/10124338.html

DPC urged to take tougher stance
Thursday, May 08 2008
by Sylvia Leatham


The Data Protection Commissioner (DPC) has been urged to take
a firmer stand against abusers of the data protection regime
and to fine serial offenders.  

The publication of the DPC's annual report on Thursday --
which was partly overshadowed by the news that a blogger had
managed to access the DPC's site and leak the contents of the
report on Wednesday -- drew criticism for not going far
enough in punishing those guilty of breaches of the data
protection provisions. 

 

Paul C Dwyer, CEO at security firm Team InfoSec, argued the
presence of telecommunications company NewTel Communications
in the report, having also featured in the 2005 and 2006
annual reports, demonstrated there was "no significant
downside to being caught". 

 

"The Data Protection Commissioner doesn't go far enough,"
he claimed, pointing to powers to fine companies EUR100,000
per incident and stop them from processing data. "Why has
he never fined anybody EUR100,000?," Dwyer asked, speaking
with ENN.

  

Someone guilty of serial speeding offences was likely to lose
their driving licence but the sanction for serial offenders
of the data protection system was insignificant, he added. 




In his annual report for 2007, Data Protection Commissioner
Billy Hawkes revealed that complaints had risen to 1,037 from
658 in 2006 and 300 in 2005, partly fuelled by 390 complaints
concerning unsolicited SMS text messages. 



He argued the rise in the number of complaints represented
"the mainstreaming of data protection into the operations
and functions of public bodies and private organisations and
in the public consciousness generally. Naturally, I very much
welcome this trend."  



Replying to the criticism levelled by Dwyer, Hawkes told ENN
the DPC office did not have the power to levy fines directly
in most cases, adding it favoured compliance rather than
punishment. "We aim for solutions to complaints that result
in positive benefits...our approach is on correcting
behaviour." 



He described the case involving NewTel Communications, which
conducted a cold-call marketing operation, as an "isolated
incident", adding the company corrected the situation "very
promptly". 



The report also noted the trend among private companies to
contact the DPC's office voluntarily when they became aware
of accidental disclosures of customer or employee
information. Hawkes described it as a "welcome trend" but
believed the time was coming when Ireland would need to
consider imposing a legal obligation on companies to disclose
security breaches as already happens in many states in the
US. 



The report highlighted a number of complaint case studies
involving companies such as Aer Lingus, NewTel
Communications, the Gresham Hotel in Dublin and Eircom. In
the latter case, ex-customers had complained that Eircom had
targeted them with marketing calls aimed at trying to win
back their business. Following an investigation by the DPC's
office, the company agreed to stop the practice and pay
EUR35,000 to charity.