Data Protection in the Department of Social Protection


Print page

The Data Protection Acts 1988 and 2003 are designed to protect people's privacy. They give effect to the Council of Europe Data Protection Convention. The Acts confer rights on individuals in relation to the privacy of their personal data as well as responsibilities on those persons holding and processing such data. The Data Controller for the Department is the Secretary General. The area nominated to carry out the functions of the Data Controller in the Department is the Business Information Security Unit whose contact details are given below.

To view the Department's Privacy and Cookie statement please see here.

What is "personal data"?

Personal data means data relating to a person who is or can be identified either from the data itself or in conjunction with other information that is in, or is likely to come into, the possession of the Department. It covers any information that relates to an identifiable, living individual. This data can be held on computers or in manual files.

The Department's obligations

The Department's obligations under the Data Protection Acts are that:

  • data must be obtained and processed fairly;
  • data must be accurate, complete and where necessary, kept up to date;
  • data must have been obtained only for one or more specified, explicit and legitimate purpose;
  • data must not be further processed in a manner incompatible with that purpose;
  • data must be adequate, relevant and not excessive in relation to the purpose for which they were collected or are further processed;
  • data must not be kept for longer than is necessary for that purpose;
  • appropriate security measures must be taken against unauthorised access to, or unauthorised alteration, disclosure or destruction of the data, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing (The Department employs the most appropriate physical and technical measures, including staff training and awareness and these are reviewed regularly);
  • all personal data held by the Department must be registered with the Data Protection Commissioner;
  • we owe a duty of care to the data subjects concerned, i.e. we must take care not to cause any of our customers damage or distress by, for example, maintaining inaccurate information on our files, or disclosing personal data to someone who is not entitled to this data.

The Department takes its obligations very seriously and adopts the strongest line in relation to the misuse of customer information by any of its staff. Any breach of trust with regard to the confidentiality of information is treated as serious misconduct under the Disciplinary Code and can lead to sanctions up to and including dismissal.

Some frequently asked questions

1. How can I access personal data on me which is held by the Department of Social Protection?
2. If I believe that data on me which is held by the Department of Social Protection is not accurate how can I get it changed?
3. How can I find out if somebody accessed my personal information without permission and/or passed it on to someone else?
4. Where can I get more information about my rights under the Data Protection Acts?

1. How can I access personal data on me which is held by the Department of Social Protection?

There are two ways that you may obtain personal information. See below under Right of Access and Freedom of Information (FOI).

Right of Access

Under section 4 of the Acts a person has a right to be given a copy of his/her personal data. This subject access request (SAR) must be in writing through the postal service and include the required fee of €6.35. You can make a subject access request by writing to Data Access Section, Department of Social Protection, Shannon Lodge, Carrick-on-Shannon, Co. Leitrim. Your request should be as specific as possible, to enable us to identify where the particular data is held and also include evidence of your own identity such as a photocopy of your passport or photocopy of your driving license. A response to your access request will issue to you as soon as is possible and in any event within forty days.

Are there any exceptions to the right of access?

Sections 4 & 5 of the Data Protection Acts set out a small number of circumstances in which your right to see your personal records can be limited. This is necessary in order to strike a balance between the rights of the individual, on the one hand, and some important needs of civil society, on the other hand. For example, the right of access to medical data is restricted in some very limited circumstances, where the health and mental well-being of the individual might be affected by obtaining access to the data. Your right to obtain access to examination results and to see information relating to other people is also curtailed.  

Freedom of Information (FOI)

Another way you may obtain personal information is under the Freedom of Information Acts. Under the Freedom of Information Acts every person has a right, subject to certain restrictions, to access information held by Government Departments, agencies and other designated bodies in receipt of State funding. The Acts also allow for persons to seek access to their own data held by such bodies. There is no fee for this service. You can make a Freedom of Information request by writing to Freedom of Information Section, Department of Social Protection, Shannon Lodge, Carrick-on-Shannon, Co. Leitrim. Your request should be as specific as possible to enable us to identify where the particular data is held.

2. If I believe that data on me which is held by the Department of Social Protection is not accurate how can I get it changed?

Right of rectification

Under section 6 of the Data Protection Acts, a person has a right to have his/her personal data corrected, if inaccurate, or erased, if there is not a legitimate reason for retaining the data. The Department makes every effort to ensure that your personal data is accurate and only retained for as long as it is required. If you have reason to believe that your personal data held by the Department is not accurate or should no longer be retained you can write to the Department on the issue setting out clearly what personal data is at issue and the reasons why you consider it to be inaccurate and/or why the Department should no longer retain it.  There is no fee for this service. Write to Client Identity Services, Department of Social Protection, Shannon Lodge, Carrick-on-Shannon, Co. Leitrim.  

3. How can I find out if somebody accessed my personal information without permission and/or passed it on to someone else?

If you are concerned that an official has accessed your personal information illegally and or that your personal data may have been disclosed to a 3rd party illegally you can make a formal written complaint to:-
Business Information Security Unit
Department of Social Protection
Goldsmith House
Pearse Street
Dublin 2.

The matter will be investigated by the Department and you will be notified regarding the outcome of the investigation as soon as possible.

4. Where can I get more information about my rights under the Data Protection Acts?

The Data Protection Commissioner's Website offers an explanation of the rights and responsibilities under the Data Protection Acts (http://www.dataprotection.ie ) and information is also available from
The Data Protection Commissioner's Office
Canal House,
Station Road,
Portarlington,
Co. Laois.

You can contact the Data Protection Commissioner's Office by email info@dataprotection.ie or by phone 1890 252231.

Last modified:14/07/2016
 

 Application Forms

 
 

 Intreo/Local Office Locator

 
Search for your local office
img