Speaking today at Garda Headquarters, Garda Commissioner Martin Callinan said:
"As the holders of sensitive information about individuals, An Garda Síochána takes its obligations under Data Protection legislation very seriously.
As part of these obligations, I am happy to publish in full the audit by the Office of the Data Protection Commissioner (ODPC) of data protection in An Garda Síochána covering 2011 to October 2013.
I welcome the ODPC’s main finding that "the majority of the areas examined demonstrated a professional police force operating in compliance with data protection legislation”.
In particular, the ODPC found no major issues of concern with An Garda Síochána’s data protection measures in a number of key areas including: the Garda vetting system; use of CCTV; use of subscriber data held by telecoms companies; the Automatic Number Plate Recognition (ANPR) system; and the charging and offender process.
I also welcome the ODPC’s comment that many of its recommendations were already well advanced or completed by An Garda Síochána by the end of its audit. Any outstanding recommendations by the ODPC in its report will be implemented by An Garda Síochána subject to changes to legislation and internal and external consultation.
The ODPC is right to be concerned about any improper access to PULSE by any member of An Garda Síochána and the related risk of the disclosure of highly sensitive personal data outside of the organisation. As An Garda Síochána’s Data Controller, I share these concerns and I have expressed my disquiet about this publically on several occasions.
In that context, a number of Garda members have been subject to discipline for inappropriate access to Pulse within the period of the audit process.
While any breach is unacceptable, it should be said that this relatively low number of breaches indicates that the vast majority of members are in compliance with the Data Protections Acts and the Garda Síochána Data Protection Code of Practice.
I also welcome the fact that the ODPC recognised that An Garda Síochána took immediate steps to address issues raised in relation to governing PULSE access by introducing three measures – a HQ directive in December 2012 reminding all members of An Garda Síochána of the requirement to detail the reason they conducted a search on PULSE, introducing a revised warning notice on PULSE, and putting in place a programme of random audits conducted by the Garda Professional Standards Unit.
Where any potential data protection breaches within An Garda Síochána come to the organisation’s attention, we work closely with the ODPC to remedy them.
Finally, I would like to thank the ODPC for its valuable audit and feedback, and for its assistance in helping An Garda Síochána in the delivery of best practice in data protection.”
Note to Editor
The copy of the audit by the Office of the Data Protection Commissioner can be found on www.garda.ie