A recent survey of 256 IT administrators in Irish-based companies showed that more than half (51%) of organisations had suffered a data breach in the last 12 months, with nearly a quarter (22%) suffering multiple breaches.
The survey, which was conducted by the Irish Computer Society (ICS), also found that less than half of those organisations that suffered a breach (43%) reported it. Furthermore, one in three Irish staff are not sufficiently aware of data protection issues, while some 40% of IT staff receive “insufficient” or “no” data protection training.
It was against this backdrop that the sixth annual data protection conference took place in Dublin Castle.
With changing legislation at the European level, ever more demands being placed on the meagre resources of the Data Protection Commission here and evolving attitudes toward personal data, the field of data protection is undergoing significant change.
Addressing the conference, Sean Kelly MEP, gave an outline of the work of the Industry Research and Energy Committee (ITRE) and reports it made to the European Commission on the subject of data protection. As a result, said Kelly, the Commission opted for regulation for private sector and directive for the public sector, where one set of rules would apply to all member states.
However, Kelly said that the UK was trying to water things down, which he opined, was perplexing due to its heavily service based economy.
Kelly went on to say that the reduction of red tape, especially for SMEs, was a key focus of his and the committee. It was to this end that the requirement for a dedicated data officer was changed so that organisations with less than 5,000 individual clients a year would not be compelled to create such a post. However, where an organisation does not meet that threshold but conducts a significant amount of personal data processing, Kelly strongly urged the appointment of a data officer. There was also an exemption for start-ups.
“They must be allowed to flourish before the full weight of regulatory compliance is put on their shoulders,” said Kelly.
Kelly went on to describe how one of the first aspects of the issue debated in the parliament was a definition of consent.
“I am of the opinion that too much importance is placed on the issue of consent,” said Kelly.
He said that there was much debate surrounding unambiguous and explicit consent. In the end, it was agreed to opt for explicit consent, which Kelly said “may result in a good bit of click fatigue”.
Another contentious issue was the operation of legitimate interest grounds in information gathering. Some of the more conservative, said Kelly, wanted to get rid of the legitimate interest clause altogether. However, legitimate interest of data controller must be balanced with the reasonable expectation of privacy from the data owner.
Kelly also commented that the Irish Data Protection Commission (DPC) has some of the most invasive powers of any such office in Europe.
Concluding, Kelly said that renegotiations on the new EU data protection laws will recommence in June with the goal of law by year end.
He said that this was a landmark law due to the fact that it will impact all 508 million people in the EU.
Subscribers 0
Fans 0
Followers 0
Followers