Privacy & Information Security Law Blog

On October 6, 2014, the Irish Office of the Data Protection Commissioner (“ODPC”) announced its success in bringing prosecution proceedings against M.C.K Rentals Limited (“MCK”), a firm of private investigators, and its two directors, for breaches of the Irish Data Protection Acts 1998 and 2003. Specifically MCK and its directors were found to have (1) obtained personal data without the prior authority of the data controller who was responsible for the data and (2) disclosed the personal data obtained to various third parties.

The ruling marks the first time directors of a company have been successfully prosecuted in Ireland under section 29 of the Data Protection Acts, which “provides for the prosecution of company directors where an offence by a company is proved to have been committed with the consent or connivance of, or to be attributable to any neglect on the part of the company directors or other officers.”

The two MCK directors were each found guilty of one offense and fined €1,500, and MCK was found guilty of five offenses and fined €1,500 per offense.

The ODPC announced that the successful prosecution is significant for several reasons:

• It is the first time private investigators have been successfully prosecuted under the Irish Data Protection Acts;
• It is the first time company directors have been personally prosecuted by the ODPC for their role in the commission of data protection offenses by their company; and
• The investigation uncovered widespread use of “blagging” techniques.

“Blagging” is commonly understood to refer to attempts by individuals to knowingly or recklessly obtain personal data from data controllers without prior authority, often through deceptive practices.

The ODPC highlighted that the companies that received personal data from MCK asked no questions as to how MCK obtained the personal data. The prosecution serves as a reminder to companies that use private investigators of their responsibilities under the Irish Data Protection Acts to ensure that work carried out on their behalf is conducted in compliance with law.