July 18, 2011 by David Miller
Ugly stuff in London with the resignation today of the UK’s two top police officers, along with a slew of recent resignations at the now extinct News of the World. Data protection is often dismissed as a very low level priority and yet, as is clear from the UK, the consequences of tacitly or otherwise permitting breaches of those safeguards can unleash economic and political firestorms.
In fact the notion that a senior member of An Garda Siochana might resign in similar circumstances (suspension pending investigation by the police ethics committee) seems highly improbable.
Email addresses are a different form of media from mobile phones, but their details should be equally private in my view unless otherwise indicated by the address owner. Here’s an interesting article from Ireland’s Data Protection Commissioner that points out the (seemingly generally underrated) importance of inserting email group listings into the ‘BCC’ field (i.e. blind carbon copy wherenby recipients only know that they have been emailed, and not the identities and email addresses of other people on the list).
Perhaps not surprisingly there’s no clear guidance given. I say not surprisingly as compared to the UK’s Information Commissioner, the Irish Data Protection Commissioner seems slightly less willing to nail its colours to the data protection mask. The UK Information Commissioner recently fined a local authority £120,000 for misdirecting emails on 3 separate occasions: could we imagine a regulator taking a similarly robust approach to a data protection breach by a local authority in Ireland, and the money being collected? I’m not so sure.