The transfer of information from 140,000 Dublin City Council customers to the waste collection firm Greyhound did not breach Data Protection acts, an investigation has concluded.
The investigation, which was undertaken by the Office of the Data Protection Commissioner, came after a number of complaints were filed by members of the public.
Greyhound took over the council’s bin collections from January 16th but has been heavily criticised over threats to withdraw services to households which have yet to pay their collection charges.
The Data Protection Commissioner's investigation focused on both the transfer of customer data from Dublin City Council to Greyhound, and the collection of customer debts.
The investigation concluded that the core elements of the sale of the business did not breach the Data Protection Acts.
However, the Office of the Data Protection Commissioner was critical of the delay in sending out a notification letter to customers regarding the new service provider. The investigation concludes the letter, which was sent out by the council to households in January, should have been sent out much earlier.
"By notifying customers of their new service provider simultaneous to the completion of the sale but after the data transfer had occurred, it is not possible for this office to come to the view that the “fair processing” requirements of the Data Protection Acts, 1988 and 2003 were fully met by DCC in this instance," it said.
The report added the council had agreed to seek to comply with all Data Protection guidance if a similar situation arises in the future.
The investigation also concluded that in regard to the collection of Dublin City Council customer debts by Greyhound, no transfer of personal data had yet taken place.
An unannounced inspection at the premises of Greyhound and its agents by the Office of the Data Protection Commissioner late last month confirmed information regarding names, addresses and whether a household was entitled to a waiver was transferred to the waste collection firm.
The Data Protection Commissioner said Dublin City Council and Greyhound had agreed a number of undertakings before any debt collection data would be transferred.
Among these are the putting in place of an audit procedure by the council to ensure Greyhound is fully compliant with all aspects of its responsibilities as a data processor.
In addition, the debt collection database is to be kept separate from all other aspects of Greyhound's waste services businesses.
Both Dublin City Council and Greyhound have previously said that the transfer of information from customers as part of the takeover of services “adhered strenuously” to legislation.
Greyhound also stressed its customer database was separate to the database of customers owing unpaid debts to the council.
