The organisers of a youth football league in the Dublin area have said that there was “no breach of data” after the Data Protection Commission (DPC) requested a meeting the Football Association of Ireland (FAI) to discuss complaints about a new player registration system.
The Dublin and District Schoolboys’/girls’ league, which provides competitions for 133 clubs in Dublin, Kildare, Meath and Wicklow, has said that its data collection “meets the highest industry standards”.
In a statement issued on behalf of the DDSL board, the league said that it is investigating “a number of issues concerning unauthorised access and unacceptable behaviour involving a few parties at this time and will report in due course.”
Ardmore Rovers, based in Co Wicklow, had previously advised its members “not to use the DDSL registration system until all concerns regarding data security, privacy and protection were fully resolved.” The DDSL subsequently cancelled all fixtures for the club.
In the statement, the DDSL asked all clubs to register players by midnight on Wednesday. It said that any team without the required number of players on its panel would have its fixtures for the coming weekend cancelled.
Ahead of the new season, the DDSL introduced a new player registration software run by SportLoMo, a sport management software company. The system asks parents to upload the details and photo page of their child’s passport, birth certificate or Department of Justice certificate. A separate, passport-style photo, is also required. Parents and guardians must also sign a waiver that acknowledges that their child’s data will be used by their club and/or the DDSL.
In a letter to the DDSL, one club expressed concerns over “unrestricted access to other DDSL clubs members’ data including photos and passports of children”.
Seamus Kyne, chief executive of SportLoMo, said that unrestricted access “was not possible” and that “only people logged in to the platform with appropriate permissions to access member data can actually access membership data.
“The club, when logged in as a club administrator, which gives privileged access to administrators, could access team panels, which are by design, created with a view to sharing with club officials and match officials. You must be logged in to view these pages.”
In response to concerns that children’s passport information could be accessed by users from different clubs, Mr Kyne said that this was due to “parent error” and that parents/guardians mistakenly uploaded pictures of their children’s passport when asked to supply a “passport-style photo” to the registration system.
“These images have been deactivated until the DDSL carries out such an approval process on all photographs uploaded by parents,” said Mr Kyne.
Mr Kyne said that SportLomo is available to the FAI, DDSL and the DPC to “clarify and give detailed understanding of what was reported over recent days.
“Data stored in the SportLoMo platform is secure,” he added.
Graham Doyle, the Deputy Data Protection Commissioner, said that a “productive” meeting between the DPC and the FAI took place on Monday, and that he will engage further with both the DDSL and FAI.