Data Protection Review Group
Department of Justice and Equality An Roinn Dli agus Cirt, Comhionannais agus Athchoirithe Dli
The Minister for Justice and Equality has established the Data Protection Review Group on the subject of breaches of Data Protection.
Membership and Terms of Reference of the Group can be found on the Department's website www.justice.ie
Submissions may be made to firstname.lastname@example.org by the beginning of March 2009.
Terms of Reference:
a. Legal issuesi. Consider whether Irish Data Protection legislation needs to be amended to deal with data breaches
ii. Assess the effectiveness of existing legislation in this context, including the impact of mandatory reporting legislation where it has been introduced.
iii. Assess the likely impact of the scope and timing of the forthcoming ePrivacy Directive and next EU Data Protection directive and other relevant international legislative developments.
iv. Describe the range of options in existing legislation within EU and with competing non EU states.
v. Consider the potential formats of mandatory reporting
vi. Consider the role and level of penalties in any mandatory regime.
b. Technical issuesi. Definition of "breach" in the context of how organisations' use of technology is changing
ii. Assessment of the assortment of devices and locations holding data now
iii. Assessment of whether the same mechanisms should apply to paper and electronic media in any suggested change
iv. Attempt to foresee unintended consequences in the light of the rapid evolution of technology and business practices.
c. Regulatory issues
i. Assess the prevalence of the data breach problem and level of existing reports
ii. Assess any empirical evidence that Data Protection legislation informs industrial location decisions
iii. Consider whether any change bear on Public and Private sectors equally
iv. Assess how to establish the threshold of seriousness - in some cases a very small number of records could potentially cause substantial harm
v.Balance the potential effectiveness of any proposed change against increasing the costs of doing business in Ireland - the Group should, insofar as possible, ensure that its deliberations equate to a Regulatory Impact Analysis.
Should the Group form a view that any interim measures are available that would help the overall objective of reducing the risk of data breaches then they are encouraged to make an interim report to the Minister.
The Membership of the Group is:
Chairman: Mr. Eddie Sullivan (former Secretary General Department of Finance), Mr. Billy Hawkes, Data Protection Commissioner, Professor Robert Clark (School of Law, UCD), Ms. Isolde Goggin (former Chair of Comreg and expert on Regulatory Impact Assessment), Mr. Alec Dolan & Ms. Noreen Walsh (Department of Justice and Equality, Mr. Dave Ring (CMOD, Department of Finance), Mr. Tony McGrath (Department of Enterprise, Trade and Employment), Mr. Paul Carroll (Department of Social and Family Affairs) and Mr. Roger O'Connor (Department of Communications, Marine and Natural Resources).
The Data Protection Review Group has decided to publish a Consultation document to discuss a number of areas of the broad topic of data protection. The main regulatory options available are identified and interested parties are asked to provide comments thereon by 30/10/2009 to assist the Group reach a balanced conclusion on how Ireland should address the issue of the most appropriate legislative response to data breaches.