Politicians in commissioner's bad books over data act

Net Results Karlin Lillington The annual report issued by the Data Protection Commissioner's Office always makes for interesting…

Net Results Karlin LillingtonThe annual report issued by the Data Protection Commissioner's Office always makes for interesting reading.

It is, of course, a barometer of how our privacy rights stand in the State and, in that sense, is a worthy document indeed.

But let's not be overly sanctimonious. I'll 'fess up right away: it's also good for the little snigger here and there, full or revelations of how the high and mighty, from businesses to individuals, have had their wrists slapped for taking improper liberties or using lax procedures with personal information.

Last year, it was lawyers who were at the receiving end of Data Protection Commissioner (DPC) Joe Meade's firm but polite scolding. The legal profession tends to hold lots of personal information on clients and other people as a result of the nature of its work. Therefore, solicitors and firms holding such information are required to register.

READ MORE

But they hadn't, or at least not in any significant numbers. Only 93 had registered at the time Mr Meade rattled the sabres - appropriately, the legal ones - in his 2002 report.

Those remiss in registering might need to be prosecuted, he said politely. This year, the number registered had jumped to 445.

Now it's politicians that have been taken to task. Politicians tend to have all sorts of information about their constituents on file. This means they need to register with the DPC. But only 108 had done so - a number Mr Meade noted "seems on the small side" as there are 226 TDs and senators, and 1,627 councillors.

Further prosecutions were possible for those failing to register as required, he noted - again, very politely.

Yes, it IS so hard to suppress the sniggering and, given the seriousness of the issue, one really should, even if the prospect of a court full of politicians warms the heart (although, of course, I suppose we have something similar already with the tribunals).

He added that religious orders and dentists also seemed to have registered in very low numbers compared to what would be expected.

One of the cases I found most interesting in the report - which gives the juicy details of nine cases, along with other snippets of fascinating detail and a firm statement of support for privacy rights - is that of a firm that engaged in unwanted direct marketing using SMS.

Realm Communications sent SMSes flogging free hotel stays in Ireland to mobile owners last summer. The message told recipients they needed to call a premium-charge phone line to avail of the holiday - a nice little earner for the company, one suspects.

Several people complained to Mr Meade, who took an action against the firm, which he found had deliberately structured its marketing campaign to try and avoid data protection legislation.

Realm said it was not actually processing personal information - it simply sent messages to an anonymous database of mobile numbers.

But Mr Meade found it was doing so using an automated process and without the recipient's consent, two key elements in deciding whether an act contravenes data protection legislation.

Mr Meade found "the fact that personal details were never provided to or recorded by the sender of these messages was not central to the overall issue of unsolicited text marketing".

Be aware, however, that it is OK for companies to send SMS or email marketing messages to their own customers - provided they give consumers an easy method of opting out of such messages.

This is an interesting point, for many people have contacted me in the past two years complaining of SMS marketing messages they've received from their own mobile providers. The "opt-out" clause has never been apparent to me on any of the material I receive from telecoms operators - on my bills, for example, or on their websites.

So, folks, if you don't want to get the messages, you probably need to contact your service provider directly, as I don't know how else we're supposed to avoid getting them.

If you continue to receive them, file a complaint with the DPC (which is easy to do on the commission's website, www.dataprotection.ie).

DPC Annual Report 2003: ww.dataprotection.ie/images/ annual_report_2003.pdf

http://weblog.techno-culture.com