HSE Data Breach – Latest News

HSE Data Breach – Latest News2021-06-17T21:43:03+01:00

Questions arise over Data Protection and the Decision Support Service

Earlier this year the Mental Health Commission & Decision Support Service (DSS) moved a longstanding legal instrument known as an enduring power of attorney (EPA) into an online format. Previously EPAs were a document created by solicitor and were for all intents and purposes a paper documents. The new EPA is one created online using a new DSS portal. Unsurprisingly it was necessary to commission an Data Protection Impact Assessment, but somewhat surprising is that the DPIA commissioned highlights a number of serious flaws, which may well open the DSS and Mental Health Commission to future litigation as well as fines from the Data Protection Commission. In June [...]

By |July 22nd, 2023|Categories: Firm News, HSE Data Breach, Legal Updates, Uncategorized|

Data Breaches and “the stay”

We read with interest the decision of Judge John O’Connor in the Irish times on the 18th May 2023 concerning the application by the HSE for a stay against a plaintiff seeking to recover damages for the breach by the HSE of the GDPR. The claim stems from the 2021 cyber attack which we have commented on extensively and in respect of which we have a number of proceedings in being (although we have no involvement in the above case) At first glance the position adopted by Judge O’Connor seems like an attractive “wait and see” position for an Irish Court to adopt. Irish Courts are, where Community [...]

By |May 18th, 2023|Categories: Firm News, HSE Data Breach, Uncategorized|

Micheal O’Dowd, Partner on Red FMs Neil Prendeville

Micheal O'Dowd, Managing Partner in O'Dowd Solicitors was invited onto Red FM's Neil Prendeville  show this morning to discuss the "One in Four" data breach as well as giving an update in what is an interesting and ever evolving area of Law. It seems that despite stark warnings companies and organisations are still not taking Data Security seriously and are not taking precautions to avoid incurring legal liabilities. Two years ago the self styled "Alliance for Insurance Reform" saw fit to report us to the Legal Services Regulatory Authority for merely posting on this website that people may sue data controllers if their data is stolen. Thankfully this [...]

By |April 18th, 2023|Categories: HSE Data Breach|

Data Breach issues continue

We have been somewhat inundated with queries in respect of the HSE Data Breach. The scale of upset is quite extra ordinary, but by the fact the breach occurred, and the delay by the HSE in notifying data subjects. At this point hundreds of people have made inquiries as to possibility of issuing proceedings against the Health Service for breach of the data protection rights. While experience would suggest that the HSE will attempt to deny liability it is hard to see how these denials will be successful. There is  however a very live issue before the European Court of Justice at the moment as to how much [...]

By |February 21st, 2023|Categories: HSE Data Breach|

HSE Data Breach – November 2022 update

On the 5th April 2002 a hacker gained access to the Stephen P. Teale Data Center in California. The nondescript data centre was used by the state to process personal data relating to state employees. In total it is said that private information relating to 265,000 state employers was compromised on that day. The existence of hack was not made public by officials until the 24th May that year. On 6th June 2002, the Californian Senate Committee on Privacy, held an informational hearing on the incident to explore why the breach was not disclosed in a more proactive and timely fashion. Testimony at that hearing revealed that during [...]

By |November 14th, 2022|Categories: Firm News, HSE Data Breach, Legal Updates|

HSE Hack – 12 months none the wiser

We have been a little quiet with our updates on this in the last number of months. It remains something of a mystery to us why 12 months after the hack the HSE has not informed any service users that they data may have been accessed in the course of the attack. The obligation to notify data subjects of a breach is a requirement of the GDPR. To date it seems only the Mercy Hospital in Cork notified data subjects that their data was accessed, and only those whose data was placed on the “dark web” were notified. This falls far short of the obligation the GDPR placed [...]

By |June 7th, 2022|Categories: Firm News, HSE Data Breach, Legal Updates|
Go to Top