The Data Protection Acts 1988 and 2003 are designed to protect people’s privacy. They give effect to the Council of Europe Data Protection Convention. The Acts confer rights on individuals in relation to the privacy of their personal data as well as responsibilities on those persons holding and processing such data.
What is "personal data"?
Personal data means data relating to a person who is or can be identified either from the data itself or in conjunction with other information that is in, or is likely to come into, the possession of the Department. It covers any information that relates to an identifiable, living individual. This data can be held on computers or in manual files.
The Department's obligations
The Department’s obligations under the Act are that:
- data must be obtained and processed fairly
- data must be accurate, complete and where necessary, kept up to date
- data must have been obtained only for one or more specified, explicit and legitimate purpose
- data must not be further processed in a manner incompatible with that purpose
- data must be adequate, relevant and not excessive in relation to the purpose for which they were collected or are further processed
- data must not be kept for longer than is necessary for that purpose
- appropriate security measures must be taken against unauthorised access to, or unauthorised alteration, disclosure or destruction of the data, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
- all personal data held by the Department must be registered with the Data Protection Commissioner.
- we owe a duty of care to the data subjects concerned, i.e. we must take care not to cause any of our customers damage or distress by, for example, maintaining inaccurate information on our files, or disclosing personal data to someone who is not entitled to this data.
The Department takes its obligations very seriously and adopts the strongest line in relation to the misuse of customer information by any of its staff. Any breach of trust with regard to the confidentiality of information is treated as serious misconduct under the Disciplinary Code and comes under immediate consideration for dismissal.
Some frequently asked questions
How can I access personal data on me which is held by the Department of Social Protection?
There are two ways that you may obtain personal information:-
- You can make a data protection access request by writing to Data Access Section, Department of Social Protection, Shannon Lodge, Carrick-on-Shannon, Co. Leitrim. Your request should be as specific as possible, to enable us to identify where the particular data is held. A response to your access request will issue to you as soon as is possible and in any event within forty days. It should be noted that individuals who seek access to their personal records under the Data Protection Acts must pay a minimum fee of €6.35.
- Under the Freedom of Information Acts every person has a right, subject to certain restrictions, to access information held by Government Departments, agencies and other designated bodies in receipt of State funding. The Acts also allow for persons to seek access to their own data held by such bodies. There is no fee for this service. You can make a Freedom of Information request by writing to Freedom of Information Section, Department of Social Protection, Shannon Lodge, Carrick-on-Shannon, Co. Leitrim. Your request should be as specific as possible to enable us to identify where the particular data is held.
How can I find out if somebody accessed my personal information without permission and/or passed it on to someone else?
If you are concerned that an official has accessed your personal information illegally, you should make a formal written complaint to:-
Business Information Security Unit
Risk Management Division
Department of Social Protection
The matter will be investigated by the Department and you will be notified regarding the outcome of these investigations.
Are there any exceptions to the right of access?
Yes. Sections 4 & 5 of the Data Protection Acts set out a small number of circumstances in which your right to see your personal records can be limited. This is necessary in order to strike a balance between the rights of the individual, on the one hand, and some important needs of civil society, on the other hand. For example, the right of access to medical data is restricted in some very limited circumstances, where the health and mental well-being of the individual might be affected by obtaining access to the data. Your right to obtain access to examination results and to see information relating to other people is also curtailed.
Where can I get more information about my rights under the Data Protection Act?
The Data Protection Commissioner's Website offers an explanation of the rights and responsibilities under the Data Protection Acts (http://www.dataprotection.ie)
and information is also available from
The Data Protection Commissioner's Office
You can contact the Data Protection Commissioner's Office by email ( email@example.com
) or by phone 1890 252231.