Trusted by the judiciary, government lawyers, prosecutors, and many leading counsel. Click here to request a subscription.
|
or click here to request site subscription to search and view all judgments |
The High Court has refused to quash the Data Protection Commissioner's (DPC) decision that the Health Service Executive (HSE) was not acting as a data controller in relation to personal data stored on a work phone without authorisation. The court found that the DPC conducted an appropriate investigation into the complaint, which focused on the unauthorized access of personal accounts through a work phone issued by the HSE. The complaint was dismissed on the basis that the HSE had not authorised the use of the phone for personal purposes, and therefore could not be considered the data controller for the personal data in question. The court also noted that it could not be determined whether the applicant's personal accounts were compromised due to the HSE cyberattack or through other means.
Data Protection Commissioner (DPC), Health Service Executive (HSE), judicial review, data controller, General Data Protection Regulation (GDPR), personal data, work phone, unauthorized use, cyberattack, data breach, certiorari, mandamus, data protection legislation, statutory appeal, ICT Acceptable Use Policy, investigation, complaint handling, data subject.
Note: This is intended to be a fair and accurate report of a decision made public by a court of law. Any errors should be notified to the editor and will be dealt with accordingly.
The only subject matter index for all Irish judgments over the past thirteen years. Click here to request a subscription.
Register Now