Data Protection Commissioner: Naming some but not others

An RTE report (29.20) on the publication of the annual report of the Data Protection Commissioner revealed the names of three companies that were found to have breached regulations.

Film footage of the companies so named accompanied the report.

Oddly, however, the report failed to name financial institutions that were found to have breached regulations.

The report simply referred to ‘some financial institutions’ but gave no names.

Looking at the annual report I noted that four of the thirteen case studies outlined were not named.

These were; a vet, a car dealership, ‘some’ financial institutions and ‘some’ solicitors.

I thought this very odd. I mean why name some of the offenders including film footage of their business premises and keep others secret?

Those named and filmed are likely to suffer to some degree from the negative publicity while the unnamed suffer no consequences.

I rang the Data Protection Commissioner’s office to ask why.

Official: In the cases we haven’t named, they were absolutely cooperative with our investigations so there would be nothing to be gained by naming them.

As for the financial institutions and solicitors, there were a number of those involved and they were entirely co-operative with our investigations so there would be nothing to be gained by naming them.

Me: So the people who have been named have not been co-operative?

Official: Well…at the end of the day the decision comes down to the Commissioner himself whether to name and shame.

In our investigations with some of these companies they would be aware there was a possibility of being named and shamed

Me: But that indicates that all those who were named were not cooperative. Can you confirm that?

Official: I can’t confirm that because I wouldn’t have worked on those investigations but I’ll get someone else to speak to you if you wish.

Same official: (After speaking to some of her colleagues) Because the report enjoys absolute privilege the decision remains with the Commissioner.

As to who he names, and in respect of what I said earlier, it is not necessarily true that those who didn’t cooperate would be named.

It’s all down to the decision of the Commissioner and the report is published under absolute privilege.

Me: What does absolute privilege mean in this case?

Official: He would have the decision of who and who not to name.

Me: Do we know what he bases his decisions on?

Official: I don’t know that but you would be welcome to put your comments in writing.

Me: Does your organisation come under the Freedom of Information Act?

Official: No.

Me: That’s surprising.

Official: Well, we don’t hold personal data.

My email to the Data Protection Commissioner.

To whom it may concern,

Of the thirteen case studies outlined in your annual report four are without the names of the transgressors.

These cases involve the following:

A car dealership; a vet, financial institutions and solicitors.

An official from your office has informed me that this has to do with Absolute Privilege and the power of the Data Commissioner to decide who is named and who is not.

I hereby formally request the names of the people/organisations that are not named.

If this is not possible I would be grateful if you could provide me with the precise legal/legislative/administrative reason/s for refusing the information.

Yours etc.
Anthony Sheridan

Share this:
  1. delacaravanio’s avatar

    The freedom of information act has nothing to do with personal data/the data protection acts. One would think that someone working in the data protection commissioner’s office would realise this basic point.

  2. Haymoon’s avatar

    Looks like The Data Protection Commissioner is protecting some people but not others!

  3. Anthony’s avatar

    Seems like that Haymoon, We’ll know by how he replies to my question.

  4. Gary Hearns’s avatar

    I would like to correct the Data official’s assertion that they don’t hold personal data. They have to when investigating a complaint. I would like to know if the Data Commissioner’s office has to be compliant like the the rest of businesses and organisations vis-a-vis personal data?

  5. Wallace’s avatar

    Hi there everybody, here every one is sharing
    these knowledge, therefore it’s good to read this webpage, and I used to pay a visit this blog all the time.