The Office of the Data Protection Commissioner (ODPC) has claimed that data relating to former and current staff at Independent News & Media (INM), including four journalists and former directors, has been breached. The Office of the Director of Corporate Enforcement (ODCE) was concerned that data was removed from the organisation’s premises in October 2014, and subsequently taken out of the jurisdiction and “interrogated” by at least six external companies.
Ireland’s Press Ombudsman, Peter Feeney said that “it is deeply disturbing that communications between journalists and third parties can be accessed and used for purposes other than which they originated”. He explained that such breaches can endanger “the very core” of investigative journalism, as the anonymity granted to sources can no longer be guaranteed.
Despite planning to investigate the data breach, Data Protection Commissioner Helen Dixon intends to speak at a data security conference organised by INM to raise awareness of the new EU General Data Protection Regulation (GDPR), which comes into force on 25th May, 2018.
In a statement, the office of the office of the Data Protection Commissioner said: “The DPC intends to undertake an investigation into whether personal data was accessed and if so, whether it was processed lawfully and fairly in accordance with data protection legislation. We are currently scoping the parameters of that investigation, including seeking additional information from INM this afternoon on foot of the breach notification it filed with the office last week.”
Preparing for the GDPR
Organisations preparing for the GDPR probably have a team of compliance practitioners ready to put appropriate measures in place.
Staff awareness training is an essential part of GDPR compliance and maintaining it. However, it can be tricky to put together a comprehensive programme that addresses everything employees need to know.
This online course provides a thorough overview of the GDPR, explaining the Regulation’s principles and requirements. It uses simple, clear terms, making it ideal for anyone whose job involves handling personal data.