“Accessing Records Of Certain People, Including Personalities Within RTÉ”

at

Hawkes
[Data Protection Commissioner Billy Hawkes at the Institute of International European Affairs’ Cybersecurity conference at the Manison House in Dublin last November]

Data Protection Commissioner Billy Hawkes spoke to Richard Crowley on RTÉ News at One, following the publication of his office’s audit of data protection in An Garda Síochána from 2011 to October 2013.

Specifically, Mr Hawkes told how, during his investigation, he found incidences whereby members of Gardaí – not the whistleblowers Sgt Maurice McCabe and former Garda John Wilson – accessed the Garda profiles of certain ‘RTÉ celebrities’, passed on information to private investigators and also accessed information in the Department of Social Protection.

Richard Crowley: “This report has just been published, it’s rather long. We haven’t even seen the executive summary, so maybe you could do the job for us and tell us what are your main findings?”

Billy Hawkes: “Well the main findings are that An Gardaí are treating personal data as you would expect a professional police force to do so. They have responded to points, weaknesses we pointed out, particularly inappropriate access by members of the force to data and, even worse, disclosure of it, outside of the force. But it’s quite a comprehensive report, it goes through things like how they deal with CCTV, how they deal with suspects, the system of Garda vetting, how that works, so it’s essentially a comprehensive look at all aspects of how An Garda Síochána carry out their duties because, again, obviously personal data is the lifeblood of An Garda Síochána but it’s particularly important that how they handle it respects all of our rights in relation to the data that they hold, so that was a particular focus of it – that basically that we should be satisfied and everybody else should be satisfied that when they give information to An Garda Síochána, whether voluntarily or compulsory, that we should all be satisfied it would be guarded carefully. Only those who have needed to do so would have access to it and particularly won’t be disclosed outside the force.”

Crowley: “But how many members of the force were abusing the system?”

Hawkes: “Again, that’s, we discovered quite a number of incidences, because we did sample tests where people could not justify why they were accessing the records of certain people, including by the way, personalities within RTÉ, so basically there was a need for action there. We’re also, separately, in a separate investigation, we’re also dealing with under our own powers as data protection, we’re dealing with evidence of more active, as it were, disclosure of information from An Garda Síochána to people who have no right to receive it. But that’s a separate issue.

Crowley: “Ok, are you talking about the two whistleblowers? Those that we call the whistleblowers?”

Hawkes: “No I’m not, I’m talking about something entirely different about disclosure from within An Garda Síochána, not in relation to whistleblowers, it’s people who had basis at all for disclosing information to third parties. So..”

Crowley: “Who? What third parties?”

Hawkins: “No, it would be people like private investigators who try to get information from Garda systems.”

Crowley: “And who tried to, or who did?”

Hawkins: “Succeeded.”

Crowley: “On how many occasions?”

Hawkins: “Again, again, all we can do is based on a sample of what we’re dealing with, of complaints we’re dealing with. There have been such instances but the important point in this…”

Crowley: “But how many?”

Hawkins: “No, again, cause I mean, all I can deal with is the ones we know about.”

Crowley: “Ok, well, how many do you know about?”

Hawkins: “We know, I suppose all we know about would be a handful of those cases because we’re carrying out a detailed investigation into private investigators and their actions at present.”

Crowley: “But you know that, in all of those cases, the information went to specific private investigators and you know who those private investigators are..”

Hawkins: “Yeah at we’re..that particular investigation is in fact continuing. We have by no means reached the end of our investigation because it’s not only access to the Garda data it’s also access to data for example in the Department of Social Protection, so it’s more, it’s part of a broader sweep in terms of inappropriate access.”

Crowley:Can we go back to PULSE. Are guards giving information to the media?”

Hawkins: “Well we don’t…know they do but we’re not talking about that.”

Crowley: “No, I mean from PULSE now. Are they passing information from PULSE onto the media?”

Hawkins: “No, again, that was not the focus of our investigation.”

Crowley: “Well I know it wasn’t the focus but did you come across it?”

Hawkins:I suspect that there were incidences, and I’d be careful of what I’m saying, where that might have been happening. But, again, since I’m speaking to a journalist, I’m not going to elaborate.”

Crowley: “Now the question we’ve asked, a couple of minutes ago was how many members of An Garda Síochána have abused the system?”

Hawkins: “I don’t know that answer to that because all we could do is sample it because we did find enough for An Garda to acknowledge they had an issue here which they have addressed. They have taken disciplinary action against a number of members of the force and they have also issued clearer guidelines. They are now carrying out proactive audits which they were required to do under a code of practice which we approved for An Garda Síochána a few years back so basically we’re recording broad satisfaction with the actions they’re taking but we are going to follow up on an action plan which An Garda Síochána are putting in place to make sure that the recommendations we’ve made, to which they’re committed to, are actually carried out.”

Crowley: “But each time a guard signs on to the PULSE system and accesses specific information about a particular individual does that leave a footprint, do we know that he or she has been there?”

Hawkins: “Yes we do and that’s greatly to the credit of An Garda Síochána, they do have proper auditory rules, so you can know which member has accessed the particular record and…”

Crowley: “So then you should be able to tell me how many gardaí have abused the system surely?”

Hawkins: “No because again the people may have a, obviously the gardaí needs access to the records of people on a daily basis and it’s a question of, for example, if there’s an unusual pattern of access, if there’s no obvious reason of why a garda in one particular region is accessing data from a region other than his own. That’s where issues arise and what the gardaí have committed to is to carry out audits, which they are carrying out, to detect that sort of pattern. They have found cases where it has been happening and they’ve taken disciplinary action. So we want the message to go out, within the organisation, that that should not happen and there’s a high risk you’ll be caught if you actually are inappropriately accessing, or worse, disclosing information, outside An Garda Síochána.”

Crowley: “What were the reasons given for the members accessing information about these, let’s call them, minor celebrities and sports people and others. What was behind it?”

Hawkins: “In many cases, it was just curiosity, so there, if you like, there wasn’t anything sinister about it but nevertheless, whether you’re a celebrity or not, if you report something to An Garda Síochána, you have an expectation that it will be treated seriously, it will only be used for the purpose of whatever you’re reporting, whether it’s a burglary, attack or whatever and that it should not be accessed out of curiosity.”

Later:

Crowley: “Are you saying that you find no fault with [Sgt Maurice] McCabe and [former Garda John] Wilson?”

Hawkins: “Oh no, what we’re saying is and I really want to generalise it, because we did in fact specifically support the [Garda Commissioner Martin Callinan] Commissioner in relation to information being disclosed to the Public Accounts Committee. So, basically, our position, and my position as Commissioner, is that having focused heavily, not only in this report but also in our annual report last year on inappropriate access by gardaí to data held on the PULSE system, I had a duty to support the Commissioner when he took the position that once the whistleblowers had discharged, if you like, their moral duty to report malpractice within an gardaí, then there was not a basis for them to continue to access the PULSE system and even less so for disclosing confidential information about people to third parties.”

Listen back here

Read the Data Protection Commissioner report here