Department of Health believed they were fortunate to get away with just a €22,500 fine over gathering of personal information on families

The Department of Health believed they were lucky to escape with a €22,500 fine for a major data breach that involved “excessive and disproportionate” gathering of sensitive personal information about people who had taken legal action against the state.

In internal submissions, officials said the department could have been hit with a fine of up to €1 million and that the actual fine “fell far below the maximum that could be levelled”.

A submission to Department Secretary General Robert Watt from senior officials said the level of the fine “should as a result be welcomed” and suggested the department could despite “some reservation” accept the sanction proposed by the Data Protection Commission (DPC).

The investigation followed an RTÉ programme in March 2021 based on information provided by the whistleblower Shane Corr who said the department had a practice of collecting sensitive and personal information about vulnerable children and their families when they were involved in litigation against the state.

Outbreak of “very difficult to treat” CPE superbug in Tallaght Hospital risked “significant morbidity and mortality”

A busy hospital struggled with an outbreak of a new variant of a dangerous superbug trying to manage patients who needed to smoke, medical students that ended up in a ward with infection, and allowing visitors for sick people.

Internal records said Tallaght University Hospital (TUH) in Dublin was dealing with a “very active and resistant outbreak” that could be associated with “significant morbidity and mortality”.

Hundreds of potential contacts were identified with progress reports saying there were “not many options” available to treat the variety of the CPE superbug that was spreading.

The outbreak was first notified to the board of the hospital in April of this year and remained open until the end of August, a TUH spokeswoman said.

The progress reports detail some of the measures that were introduced including “visitors restricted unless end of life” and how 95% of staff were compliant on hand hygiene training and that only those with this training should be allowed on the ward.

One update noted: “Leaflets to stop visitors coming from the atrium, leaflets to be distributed to patients, wording to be updated to advise patients to not leave the ward to go to the atrium (smokers will be a problem).”

Concerns were also raised over consultants who had visited the ward at the centre of the outbreak that were not “bare below the elbow”, that is they were wearing long sleeves, jewellery, watches, or other items that have the potential to carry infection.

Another note said: “Medical students doing exams were on [the ward] – the instruction was that they did not go [there]. [Staff member] to follow up with [colleague as to] why this happened.”

Data Protection Commission told it must release records on use of CCTV to combat illegal dumping

The Data Protection Commission (DPC) has been directed to release documents it holds on the use of surveillance cameras for tackling fly-tipping and environmental crime.

In a request made under the Access to Information on the Environment (AIE) Regulations, Right to Know had sought copies of correspondence between the DPC and local authorities about CCTV.

In both its original decision and at internal review, the DPC said the records sought were not “environmental information”.

They argued that the records related to data protection and personal data processing and they contained nothing that was likely to have an effect on the environment.

The Commissioner for Environmental Information disagreed however, and said the CCTV was clearly intended to “target illegal dumping and environmental crime”.

It said the records clearly related to a plan that carried “more than a remote possibility” of an environmental impact.

The decision added: “Data protection considerations are, therefore, in my view, a critical or integral factor in the proposed use of CCTV to target illegal dumping and environmental crime.

“This means that inquiries to the DPC about potential data protection considerations pertaining to the use of CCTV to target illegal dumping and environmental crime constitute information ‘on’ the measure [that is proposed or planned].”

The DPC’s other flimsy arguments about why the records would in any event be exempt under the AIE Regulations were also rejected in the decision.

Cases like this involving the DPC are important because that office is effectively off-limits within the FOI Act, where only purely administrative records can be accessed.

However, any of their work that has an environmental impact like this is open to scrutiny.

Department of Finance said “over-riding consideration” in sale of AIB shares should not be recovery of state’s full €29 billion bailout for banking sector

Officials told the Finance Minister that recovery of the full €29 billion the state used to bail out the banks should not be the “over-riding consideration” as the Exchequer looked to sell off more of its stake in AIB.

Ahead of the latest share sale of the bank earlier this month, a submission for Minister for Finance Michael McGrath said the state had now been a shareholder in AIB for thirteen years and that it was key to keep reducing its exposure.

A pre-sale submission said: “Our advice for many years has been to gradually reduce our investment in the banks at sensible prices such that we can recover as much of the [circa] €29 billion we put into AIB, BOI and PTSB as possible.

“Full recovery of the €29 billion or what we put into AIB should not be the over-riding consideration that drives our decision making. Bank shares are risky and volatile and the State has already been a shareholder in AIB since 2010.”

Minister McGrath was told that “political conversations” about another sale should take place but that as long as these did not include a specific date, they were not considered sharing “inside information”.

“Therefore (if required) we recommend that you seek political clearance in the coming days, and ideally before AIB’s trading statement on November 1st, giving you the ultimate decision and authority to execute a transaction based on our advice and market conditions,” said the document.

A post-sale submission on what was tagged Project Viking VI said the latest sale had yielded €515 million and had reduced the state’s shareholding in the bank to 40.8 per cent.

DPC said planned new structures for commission could hamper speed of large-scale inquiries into big tech

The Data Protection Commission (DPC) warned the government that new proposed structures for the organisation could slow down the pace of major data protection inquiries involving high-tech companies and other multinationals.

In a pre-budget submission, the DPC said there “simply aren’t enough people” if plans for a new system of governance involving multiple committees were implemented.

In the document, the commission claimed it was “by far the most agile and expeditious” data protection authority in Europe when it came to large-scale inquiries and that this could be compromised by increased procedural bureaucracy.

It said: “The new form of administration which has been prescribed … [will require] more rigidly structured, multi-layered protocols that have the potential to decelerate the rate at which the DPC concludes its regulatory inquiries.”

The submission also warned of chronic difficulties in recruiting suitable staff, and said there were long waiting times in getting jobs advertised through the Public Appointments Service.

They said this had “inevitably caused significant delays to all of the DPC’s 2023 recruitment campaigns and onboarding of new hires”.

The document also outlined how the DPC had run into unforeseen delays in moving to a new headquarters in Dublin city centre.

EPA predicted tweet about reducing red meat in diet was likely to “get the ire [up] of some people” before its controversial deletion

The Environmental Protection Agency (EPA) knew a tweet about cutting down meat consumption was likely to cause consternation but said there were always “people that get annoyed”.

The EPA deleted the controversial post within a day of being contacted by farming groups who asked them if they stood over the message about reducing red meat in the diet.

In the run-up to posting on social media, an internal email said: “It should be fair game, but I wanted to flag it. It’s not controversial but as a topic it does get the ire [up] of some people who are very online.

“That said, EPA should probably be saying more about the environmental impact of Ireland not transitioning to a more plant-based diet.”

In response, another official said that it looked “fine” and that at the very least they could say that “we are starting a conversation”.

Donald Trump’s Doonbeg hotel given all-clear by county council over unauthorised fencing on protected Co Clare beach

Donald Trump’s legal woes have been mounting but he has one less worry over the erection of fencing near his luxury Co Clare hotel and golf resort.

Clare County Council has confirmed to the Trump International Golf Links Hotel that it has closed its investigation into controversial works at an adjoining beach and that they did not intend pursuing the case any further for now.

The news followed an inspection of the site in March of this year during which an executive planner confirmed that the removal of fencing had adequately addressed most of the issues at Doughmore Strand.

It said the fencing that remained was “limited in nature” but that there was still some fence along the beachfront as well as round hay bales.

The inspection report said a letter should issue to the Trump hotel saying: “Clare County Council considers that the entirety of these works … are unauthorised. You are therefore requested to outline your proposals to resolve this remaining planning issue.”

However, in response the hotel and golf links said they did not agree that either the bales or the last of the fencing constituted unauthorised development.

The hotel’s general manager Joe Russell wrote: “I would also note that the bales, placed seasonally to protect the golf course for very many years, have now been removed as is normal at this time of year.”

In May, the council informed the hotel that they had no plans to take any further action arising from the controversial fencing.

A letter said: “Please be advised that in light of the substantial compliance with the enforcement issues on the site, the planning authority does not intend to progress with any further enforcement proceedings at this time.”

IDA ordered to release unredacted minutes of key management committee by Information Commissioner

Right to Know has been successful in another case taken against the IDA where we looked for minutes of an influential committee at the development agency.

The IDA’s organisational development committee reviews the performance of the senior management team and plans for management development and succession.

The IDA, using one of its standard scattergun tactics, originally invoked six separate sections of the FOI Act to justify its refusal.

We appealed the case and subsequently sought internal review given how little information had been released.

The Information Commissioner has now found that only a very small amount of personal information relating to the former CEO of the investment agency was actually exempt under the FOI Act.

On the Section 29 arguments put forward by the state agency, the investigator wrote: “It seems to me that the IDA has made sweeping arguments about the possibility of certain harms arising without having had appropriate regard to the specific nature of the information at issue.”

On section 30, the decision said: “Yet again, it seems to me that the IDA has made sweeping arguments about the possibility of certain harms arising without having had appropriate regard to the specific nature of the
information at issue.”

For Section 35, the investigator concluded: “The IDA has not shown that the specific information was communicated by its clients in circumstances which impose an obligation of confidence or trust on the IDA.

“I simply do not accept that the IDA’s clients have an expectation that every piece of information they provide to the IDA is provided in confidence, regardless of its sensitivity.”

That’s probably enough to get a picture of the decision.

It is of course open to the IDA to appeal the decision to the High Court.

If they did, that would be the third time in the space of a couple of years where they have used taxpayer funds to fight disclosure of information about their activities to Right to Know.

You can read the full decision below:

Right to Know wins case over access to records from Coillte on peat-slide at windfarm in Donegal

The Commissioner for Environmental Information has told Coillte to release records it holds on a massive peat slide that took place three years ago.

The event happened at Meenbog windfarm, Co Donegal in November 2020 when thousands of tonnes of material were dislodged, causing significant damage and pollution at a local river.

In 2021, Right to Know sought copies of records held by Coillte on the peatslide in a request made under the Access to Information on the Environment (AIE) Regulations.

The state forestry agency identified fifty two documents but refused access to all of them on a variety of grounds. At internal review, they upheld that decision.

We appealed to the Office of the Commissioner for Environmental Information (OCEI), who in a 42-page decision has found entirely in our favour.

It was a complex case during which the OCEI had to seek submissions from nine different third parties.

During the course of the investigation, further information held by Coillte was also identified that should have been scheduled as part of the original request.

The question of whether a peat slide could cause “emissions into the environment” was also raised with Coillte saying it couldn’t.

However, the OCEI disagreed and said in circumstances where drinking water supply was affected, discharge caused by the event clearly had a damaging impact on the environment and could be considered an “emission”.

Coillte had also claimed that multiple agencies were considering action over the peatslide.

When asked to provide evidence of that, they supplied a list of eight public bodies in the Republic and Northern Ireland, all of which had to be contacted as part of the investigation.

None of them raised any objection to release of the records.

The Loughs Agency, which had taken a prosecution over the incident, said their case was concluded and they had no issue with the documents being made public.

Coillte also made vague arguments about legal privilege; however, the decision gave little credence to that.

The forestry agency also made some tenuous arguments about the records being protected as the “internal communications” of a public authority.

The OCEI said a small fraction of the records might fall into that category but the public interest still weighed in favour of disclosure, especially given the passage of time.

It’s a very lengthy decision and we hope this gives a reasonable summary of it.

Coillte have two months in which to appeal to the High Court if they wish.

Gardaí asked to investigate 95 cases of suspected passport fraud while 68 applications refused due to concerns over identity theft or fraud

Ninety five cases of suspected passport fraud have been referred to the gardaí by the Department of Foreign Affairs over the past two and a half years.

The Passport Office also refused sixty eight different applications from individuals where they had concerns over potential fraud or believed somebody was seeking to steal somebody’s identity.

Figures from the Department of Foreign Affairs reveal as well how 1,095 passports have been stolen from Irish citizens in the period since the beginning of 2021.

There were also 1,343 instances of damaged passports and 9,333 cases where passports were reported lost or disappeared by the holder.

The number of passports going missing has risen sharply this year with 5,392 reports made between January and June of 2023 compared to just 457 for the entirety of 2021, when strict COVID-19 restrictions on travel remained in place.

There has also been a similarly steep rise in cases of passports getting stolen with 583 incidents logged in the first six months of this year compared to only 79 total for 2021.