Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
LAST YEAR, the German newspaper Bild published a photograph of a Centra convenience store in Portarlington, Co, Laois. This small-town grocery is important to Germany because off to the side of it (helpfully circled in red by Bild for its hard-of-seeing readership) is the Office of the Data Protection Commissioner, and that office is a source of increasing concern to the German people and their government. The Bild article went on to state that the office, responsible for all of Facebook’s data Europe-side, has a staff of 22. The headline read “Facebook Controller: the Irish Data Protection Regulator Is So Tiny.”
Ireland is rapidly becoming the European base for the Big Data industry. Facebook, LinkedIn and Twitter all have offices here. This means that the data of many millions of European citizens is subject to Irish law. Data protection is a human right, closely bound up with privacy, and is unsurprisingly taken especially seriously by European countries whose citizens suffered under the police states of Nazis or Soviets, or even both.
It is the right not to have your personal information hoarded, sold, disclosed or otherwise misused. “Data Protection” may not stir passions like other rights do, but in an increasingly data-driven world, its importance cannot be overstated. We are already at risk of a two-tier privacy system, where the rich and famous can go to court for super-injunctions, while the ordinary citizen finds his personal data circulated wider and faster than ever before.
But privacy is an abstract right, something that lawyers and academics get excited about but which, in countries lucky enough not to have suffered under a police state, does not always concern the ordinary citizen. This week however, things got a bit more real.
Loyaltybuild is an Irish based company that manages loyalty card schemes for a wide range of companies including, appropriately enough, Centra. It emerged this week that their data security was breached, and criminal hackers had accessed the personal information of over 1.5 million customers across Europe. Many of those had their credit card details compromised, and at least some of them have already had money stolen from their cards as a result.
This is obviously a criminal matter, but Data Protection laws are in place to ensure that such breaches never happen in the first place.
Firstly, it is open to question whether Loyaltybuild had any business having the credit card details at all. After all, their job was simply to keep records of purchases, not to handle payments. In any case, the Data Protection Act forbids retention of data for longer than it is required. Even if credit card details were required for Loyaltybuild’s purposes, holding them for (in some cases) two years after customers had cashed in their points and taken their rewards surely cannot have been necessary.
Perhaps more alarmingly, the credit card numbers were unencrypted and stored along with their 3-digit CVV codes. This is the data storage equivalent of writing your PIN number on the back of your card. It is contrary to industry best practice and to the DPA requirement that appropriate security measures be in place to prevent unauthorised access to data.
Finally, the Personal Data Security Code of Practice states that “All incidents of loss of control of personal data in manual or electronic form by a data processor (Loyaltybuild) must be reported to the relevant data controller (their various client companies) as soon as the data processor becomes aware of the incident”. The Data Controllers in turn must report the matter to the Office of the Data Protection Commissioner as soon as they become aware of the incident. Media reports suggest that this breach occurred a month ago. How long it took anyone to notice is unclear.
The Data Protection Commissioner has dispatched two investigators to Ennis to investigate the condition of the stable door. What is not known is whether Loyaltybuild was ever subject to an audit by the Office of the Data Protection Commissioner. It would seem likely that an audit would have uncovered the issues which led to the current debacle.
However, the Commissioner, as demonstated by his modest accommodation and staffing, is hamstrung by lack of funding. His options now that the horse has bolted are also limited. The law provides for fines of up to €3,000 on summary conviction. Fines of up to €100,000 are possible on indictment, though such a penalty has never been sought. Lack of resources means that prosecutions under the Data Protection Act average about one a year. Indeed, in his public statements, the Commissioner has been at pains to stress his preference for amicable solutions to breaches of the Acts.
What is afoot here is a rerun of the Celtic Tiger era “light touch regulation” of financial services. Ireland has again made a Faustian pact whereby we lure employers here on the understanding that they will not subject to too-stringent a regulatory system. As the Loyaltybuild breach has shown, this is a bargain that will probably end badly. And as with the financial services boom, it is making the Germans nervous.
Perhaps we will listen to them this time.
Fergal Crehan is a barrister practising in Data Protection law. He writes on legal subjects at www.fergalcrehan.com
To embed this post, copy the code below on your site
I’m confused – I thought he was the minister for water! Can the minister for health do something about these places & the horrible sub humans that abuse the poor people who depend on a level of care that clearly is not being delivered.
Same as that – he seemed more concerned with water charges the day after this broke.
Setrakian, can we not deal with a serious issue without someone dragging in Irish Water ? People who abuse others in such a terrible fashion are not sub-humans. When we hear about such incidents we all talk so loosely about monsters, animals, sub-humans to describe the dreadful actions of certain people. By using such terms we imply that if these people were “normal” they would not behave in such a way. This has the effect of distancing us from their actions and making us feel morally superior in some way. These people are deficient from us. Different in some way. This explains their incomprehensible actions. But the truth is that most people who engage in such actions are just like the rest of us. Put them in certain situations and they behave dreadfully. Group think, hidden character flaws, a desire to humiliate, control and punish. There are numerous psychological studies which clearly show how “normal” people can behave in monstrous ways. We would be better off employing this knowledge to put in place processes and procedures that are designed to off-set this propensity which exists in many of us and recognise that many people, in certain situations of power imbalance, cannot be trusted to behave at all well. In other words we should expect such behaviour from a minority because it is, tragically, well within the normal range of behaviour and when we do not find it we should become suspicious (as HIQA should have). But this would require us to look very firmly in the mirror and act accordingly. We don’t want to do this or recognise that this behaviour is actually more widespread than we would like to admit.
The point Andy is making, Sektarian, is that our Leo seems to want to speak on any issue rather than putting his head down and concentrating on doing the job that we the people pay him hansomely to do!
Sorry, that should have been for John R.
Mary, I want our Govt Ministers speaking on various matters. Constitutionally they share collective cabinet responsibility. So they should speak to various matters as they have a say at cabinet in those matters.
I don’t assume Leo. It’s your bloody job to know. Criminal charges now.
To some degree or other this appalling report will probably affect patients in other homes for the better
“Leo: Áras Attracta abuse ‘is certainly the worst I’ve ever seen”
The sick fact Leo, is that there is probably a lot worse going on out there.
You have to look to see Leo
You have to look to see
And what punishment for the abusers Leo
Sadly, none whatsoever, all talk and no action, this country has really become a banana republic when the likes of this cruelty of disabled people goes on, that lady of 75 thrown to the ground, someones mother/someones daughter. They hurt like the rest of us, but unable to do anything for themselves, what goes around will most definitely come around, one day these sub human carers will be old and hopefully will get what they dished out. These disabled ladies deserve respect and dignity. Oh all sort of Government meetings will take place, but just like everything else, nothing will get done, except putting in water meters, that seems to be their only priority. What about the Tuam babies, brushed under the carpet just like everything else that might make them get off their fat overfed arses and do the job they are overpaid for plus their expenses that are claimed for without receipts. If it wasn’t so sad for the ordinary people of this country, it would be a joke.
I would have them charged with GBH and chained to a chair with a drink out of their reach for ages. But nut cracker Leo spent four years going in and out of the Dail stepping over homeless people. He should define worst. I deem leaving people helpless worse and using them for a leg up the political ladder.
A member of the public can go to a police station file a statement and get these people charged with GBH . The law can be applied by Leo if he got off his hinny and done that.
We know this Leo it’s what are you going to do about it you tool
The only ppl who can expose the abuse are the good decent ppl who are carers on the job and witness any abuse
Benny unfortunately when the carers report abuse of any kind it’s hardy followed up on. I know from personal experience, hiqa aren’t worth a shi!e. They announce most visits so care homes and nursing homes are well prepared and all like little fairies cleaning and getting prepared for visits and even preparing their fake smilies and niceties. It’s sickening really. The whole system is a disgrace and needs a complete overhaul
Leo you can talk the talk but can you walk the walk?
I’m sure it is happening in other places and hopefully staff like the ones we seen might leave their positions now and let people who are compassionate and caring look after those in need. If someone told me what was happening I would not have believed it because I cannot understand how anyone could treat another person like they did.
Leo Varadkar should take 2 tablets..
1. A cop the Fook on tablet and
2. A shut the Fook up and do your job tablet,
and don’t be commenting and talking to the media bout anything else but health related issues…..
Just because the Aras Atractus staff were so horrendously cruel does not mean all facilities caring for intellectually disabled people are the same. As usual a few evil idiots are ruining everything for the majority of people who do their job well.
How about government abuse of the people Leo?
Maybe Leo could donate just a few euro a week to a charity which works against this abuse. It’s only a few euro.
Fuxk off leo ya billix . This your watch.
Very lucid Barry. A great help. Any other suggestions?
How stupid is that.I ghess a talking shop will be formed where the home with the most abuse will be debated apon. Nothing will happen and a change will be preposed but stalled due to some technicality, and next year another home with similar abuse will appear and the cycle repeats itself. How about the guards go in and arrest them for assault or would that actually constitute a breach of the abusers rights.anyway the guards are stretched beating up water protesters and allowing a private company to force contracts on them, there’s no revenue in arresting these care workers so why do it.
Worst he’s seen, seen? As in there are other cases we don’t know about?
I think that’s exactly what he said….worst he has seen as there are possibly worse out there as yet unseen..who can say?
Varadkar should stop visiting different media outlets and availing of every available photo op – and get on with the extremely serious job he should be doing.
When your dealing inexperienced low paid staff you’ve got to assume it’s happening elsewhere…….
Who said the staff were inexperienced & low paid? Some of the staff shown are trained nurses. They are abusers no excuses. Lack of appropriate supervision is the issue. Sack tbem & charge them
Exactly my point!
I agree with what your saying but
These are supposed to be caring compassionate people and they should not need supervision imo.
One of those staff members had an MSc, another was a CNM. Even if the weren’t the ones who were the most abusive, they were fully complicit. This was nothing to do with overworked or underpaid staff, this was a rotten culture. Even if it wasn’t going on in the other bungalows, there must have been an awareness of the atmosphere by other people work in the institution.
I’m still struggling to accept what we saw and heard on that programme. I hope Leo Varadkar is right and there’s nothing worse out there.
Although this abuse cannot be attributed directly to the failed FG/labour coalition it’s more damming evidence that they’re unable to properly govern this state, in their rush to appease bankers, speculators, bondholders, the EU, IMF and the ECB they have ignored everything else.
More and more scandals involving abuse of the elderly and the very young, the homeless are appearing yet the stewards of this banana republic don’t act until it’s public and then we just get the usual hand wringing and faux indignation until it blows over.
Oh go away Dermot. Governments are not responsible for the behaviour of the depraved. Individuals do thing which are reprehensible and they must be held to account. It is the job of organisations to oversee their staff and put in place oversight mechanisms to ensure decent behaviour. The role of Government is to recognise that such terrible behaviour can in fact be expected and anticipated and to ensure that all such organisations have the relevant oversight and protection mechanisms in place. It is the assumption that all of us will behave well in situations where we have charge of other human beings that is the flaw. Most people behave well. A minority do not. That minority can be influential and persuasive and influence or cower the majority. This behaviour exists in other institutions as we speak. Be sure of it. If we want to stop it then we have to recognise that this behaviour can and should be expected from some human beings and put in place appropriate arrangements e.g. whistle blowing, unannounced inspections etc.
The running of a country by government involves ensuring the well being, security and stability of it’s citizens, we have departments of education and health designed to oversee that health and education is properly implemented, this government and previous ones have failed in their duty.
You might have purposely ignored my opening line where I said this scandal cannot be attributed to the government but they seem completely oblivious to what happens in this country and are as taken aback as the rest of us when it appears on public media…..
How many more scandals before the government acts?
You insist that the government is only there to respond when such things happen and put in place measures to prevent or reduce future incidents….you say that like this is the first documented case of abuse of our citizens in institutions.
Like I said….some mealy mouthed words, some forlock tugging and some shaking of heads and furrowing of eyebrows in some failed attempt at outrage and empathy is about the best we can hope for from our political elite.
Dermot, see my further responses below. Govt cannot be responsible for all aspects of human behaviour and depravity. They also share all our blind spots. And we have many!
Notnews: Nobodys talking about restraining. What happened was ABUSE not just being uncaring and cold. Also, referring to them as clients doesnt seem very caring either
What would you call them?
Less comments about water and get on with your job €3Leo
If there were unannounced inspections and CCTV, the incidence of this behaviour would go down dramatically I dare say. Also staff caught engaging in abuse like this should be sacked and prosecuted for assault.
Does Leo do anything but give interviews. Maybe do his job and see where all the problems are instead of giving interviews about this and that.
What about the Abuse to the Irish people? Knobjocky
Here’s a thought put hidden cameras in and around the Dail and leinster house and we’ll the shite they say and the things they do! sort out your own house before condemning others Leo! no one cares what your opinion is.
As bad as it is and it was! I’m pretty sure the treatment of the irish people from fine gael is worse.
What about the Abuse your doing to the Irish people how voted you in? Knobjockey
“The worst I’ve ever seen”. Does he mean that he’s seen more abuse but in a lesser scale, and that the HSE have done nothing to make things better till now?
Unannounced inspections and CCTV are the minimum required. Also this type of physical abuse is assault and should be a criminal offence with a prison sentence and dismissal from the job as a given.
have your say