Data Protection

Thursday, 28 November 2013

Questions (132)

Catherine Murphy

Question:

132. Deputy Catherine Murphy asked the Minister for Justice and Equality his plans to make changes to the law in respect of information seized as a by-product of the seizure of a computer; if data protection responsibility continues to be positioned with the data collector but the computer has been seized and, therefore, not under their control; the way they can give effect to that responsibility; in the event of the computer being sold, the efforts that are made to wipe the data; if third party data are retained on the computer, the way the data collector is protected; and if he will make a statement on the matter. [51264/13]

View answer

Written answers

Minister for Justice and Equality

As I indicated in my reply to Question No. 162 of 21 November, the Data Protection Acts 1988 and 2003 apply to the Revenue Sheriff. This means, inter alia, that appropriate security measures must be taken against unauthorised access to, or unauthorised alteration, disclosure or destruction of personal data coming into his or her possession. Such personal data may not be retained for longer than is necessary for any specific and legitimate purpose for which they were collected or processed. Where computer equipment containing personal data has been seized by the Revenue Sheriff, such personal data should be returned under secure conditions to the person from whom the equipment was seized unless there is a legitimate reason for non-return of the data. On return of the personal data, relevant provisions of the Data Protection Acts will apply to the data.

In January 2012, the European Commission published proposals for a General Data Protection Regulation to update the current data protection framework. The negotiations on the proposed Regulation are ongoing at EU level. In the circumstances, I have no plans to amend the law at this time.