Data security
Data controllers must keep the data they control secure. The obligation to secure personal data is imposed upon the data controller by section 2(1)(d) of the Data Protection Acts, which provides that:
This obligation is fully discussed Chapter 11 of Privacy and Data protection Law in Ireland. Section 2C of the Data Protection Acts goes onto set out what that when determining their appropriate security measures data controllers:
This essentially sets out the risk analysis to be undertaken when assessing the security measures to be taken. Section 2C goes onto set out the obligations that data controllers must imposed upon their employees and data processors. The Data Protection Commissioner provides data security guidance which outlines some of the issues that fall to be addressed.
Security breaches have created high profile issues for data controllers. Recent examples include Living Social, Snapchat, Bord Gais and Loyaltybuild. The consequences of a security breach may be serious for both controller and subject. Controller’s responses to data breaches are discussed here. A subject may need to respond by checking whether their data has been compromised in any way; it may be wise to change passwords or other security information that has been compromised. A subject who believes that their data protection rights have been breached may complain to the Data Protection Commissioner; they may also sue for damages.
[twitter-follow screen_name=’ictlaw_com’]