It remains unclear how the apparent "interrogation" of the data of 19 people, including journalists and two senior counsel to the Moriarty Tribunal, was linked to a "cost-cutting" exercise at Independent News & Media (INM), the High Court has been told.
The affected persons, including former executive Karl Brophy, may have been in some way regarded as having "acted adversely" to the interests of INM's major shareholder, Denis O'Brien, Brian Murray SC said.
It “seems surprising” no one in INM appeared to have thought, as Mr O’Brien’s company Blaydon Ltd had paid €60,000 for the data exercise, “maybe it had an interest in the outcome”.
“Those ‘I’s’ never seem to have been dotted.”
It is clear there were other analyses of back-up data removed from INM over a period from October 2014 but the Office of the Director of Corporate Enforcement (ODCE) has been unable to access those, Mr Murray said.
Inspectors are necessary to establish a range of matters, including the purpose of the data interrogation and for whose benefit it was conducted, he argued.
Those matters were outside the remit of the Data Protection Commissioner (DPC), whose investigation into the matter is continuing.
Mr Murray also argued the INM board was "very willing indeed" to accept the explanation of its then chairman, Leslie Buckley, for the data removal as a "cost-cutting exercise" when "strong circumstantial evidence" seemed to support the conflicting account of its former chief executive Robert Pitt, including Mr Pitt's claims the data interrogation was paid for by a company linked to Mr O'Brien.
Mr Buckley had said the data had been accessed as part of a cost-saving exercise initiated by him arising from his concerns about the cost of a €650,000 annual legal services contract for Simon McAleese solicitors, the court heard.
In reply to Mr Justice Peter Kelly, Mr Murray said it did not appear Mr McAleese was contacted in the context of the cost-reduction exercise.
Inconsistency
The INM board initially “downplayed” the alleged data breach to the DPC when it made a disclosure to her about it in August 2017, he said. It told her the data had been accessed for a limited business purpose when it had no basis for such an assurance, he said. It did not tell the DPC it did not know what the purpose of the exercise was or that there was an inconsistency between accounts of it provided by Mr Pitt and Mr Buckley.
The matter was presented as a “minor issue” and the DPC was told the alleged breach “may” have placed personal data at risk when INM knew the data had been transferred out of the Republic to be interrogated by non-INM employees and when no one knew “what was actually done to it”.
INM also failed to state the data exercise had been paid for by someone else, he said.
The board told the DPC it had commissioned Deloitte to produce a report but that report, produced in October 2017, was not sent on to the DPC and nor was she advised of the matters in it.
INM had later complained that the ODCE had information about these matters which it had not provided to INM over several months until the application for inspectors was initiated in March 2018.
Had the ODCE given it information elicited from the ODCE investigation, INM said, its response would have been different.
The ODCE rejects those claims and maintains INM had the necessary information, including from Mr Pitt in August 2017, to make a full disclosure to the DPC.