Downloaded from the website of the Data Protection Commissioner on 26 th July, 2011.

Similar documents
Motor Accidents Compensation Amendment (Claims and Dispute Resolution) Act 2007 No 95

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

Registrar's Practice Guide for Work Injury Damages in the Workers Compensation Commission

Policy and Procedure for Claims Management

CLAIMS HANDLING GUIDELINES. for CTP Insurers

IN THE HIGH COURT OF JUSTICE IN NORTHERN IRELAND PROTOCOL FOR CLINICAL NEGLIGENCE LITIGATION

Steve Mason, Legal Services and Governance Lead. Ratified and Approved CCG Governing Body on 10 October 2013 by:

Making a complaint in the independent healthcare sector. A guide for patients

GUIDE TO PERSONAL INJURY/ACCIDENT CLAIMS

ASSEMBLY BILL No. 597

Code of Practice on Data Protection for the Insurance Sector

The 2007 Rehabilitation Code

ASSEMBLY BILL No. 597

Personal Injury Accident Claims 2011 You still need a Solicitor.

GADSBY WICKS SOLICITORS EXPLANATION OF LEGAL TERMS

Decision Notice. Decision 119/2015: Mr Tommy Kane and the Scottish Ministers. Use of private contractors in the NHS

Motor Legal Care Terms and Conditions

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

DATA PROTECTION CORPORATE POLICY

MOTOR VEHICLE COMPENSATION CLAIM SUCCESS

Personal Injury Multi-Track Code

September Claims Guideline

Taking Action. Dispute resolution, legal action and claims for negligence

Small Business Grants (Employment Incentive) Act 2015 No 14

How To Settle A Car Accident In The Uk

Decision 131/2008 Mr N and East Ayrshire Council. Tender Documents. Reference No: Decision Date: 7 October 2008

Pre-Action Protocol for Personal Injury Claims

PRE-ACTION PROTOCOL FOR LOW VALUE PERSONAL INJURY CLAIMS IN ROAD TRAFFIC ACCIDENTS

IN THE SUBORDINATE COURTS OF THE REPUBLIC OF SINGAPORE PRACTICE DIRECTIONS AMENDMENT NO 4 OF 2012

Income Protection Cover. Guide to making a claim

Road Traffic Accidents Do s and Don ts & the Legal Process

ORDER MO Appeal MA_000155_1. City of Toronto

Personal injury claims advice solicitors

MOTOR VEHICLE ACCIDENT CLAIMS ACT

MIB Uninsured Agreement

Conditional Fee Agreement: What You Need to Know

CHAPTER 43 ACTIONS OF DAMAGES FOR, OR ARISING FROM, PERSONAL INJURIES

1. TERMS OF REFERENCE 1 2. INTRODUCTION 2 3. ACTION ITEMS 7 4. SUPPORTING COMMENTS ON THE ACTION ITEMS LAWYERS AND LEGAL ADVICE 19

DATA PROTECTION POLICY

Motor Vehicles (Third-Party Risks and Compensation) (Amendment) Bill

Queensland PERSONAL INJURIES PROCEEDINGS ACT 2002

TEMPLE LITIGATION ADVANTAGE INSURANCE FOR DISBURSEMENTS AND OPPONENT S COSTS Certificate of Insurance

INDIVIDUALS WITH DISABILITIES EDUCATION ACT NOTICE OF PROCEDURAL SAFEGUARDS

Child and Adult Services Subject Access Requests Guidance

Access to Health Records

PRE-ACTION PROTOCOL FOR LOW VALUE PERSONAL INJURY CLAIMS IN ROAD TRAFFIC ACCIDENTS FROM 31 JULY 2013

guide to legal services

Pre-Action Protocol for Personal Injury Claims

CHARTER OF PATIENT RIGHTS

in the Northern Territory

PERSONAL INJURIES PROCEEDINGS BILL 2002

PRE-ACTION PROTOCOL FOR LOW VALUE PERSONAL INJURY CLAIMS IN ROAD TRAFFIC ACCIDENTS

Statutory duty of candour with criminal sanctions Briefing paper on existing accountability mechanisms

Conditional Fee Agreement: What You Need to Know

STATUTORY INSTRUMENTS. S.I. No. 623 of 2006 EUROPEAN COMMUNITIES (EUROPEAN PUBLIC LIMITED-LIABILITY COMPANY) (EMPLOYEE INVOLVEMENT) REGULATIONS 2006

SCHEME OF COMPENSATION FOR PERSONAL INJURIES CRIMINALLY INFLICTED AS AMENDED FROM 1 ST APRIL 1986

SFS 2002:599 Group Proceedings Act Introductory provisions Group action Section 1 Group proceedings Section 2

Data Protection Policy

Transport Accident Act No Fault Dispute Resolution Protocols 1 March 2005 (amended as from August 2008)

8 July 2015 CRIMINAL JUSTICE (Victims of Crime) BILL 2015 GENERAL SCHEME CONTENTS PART 1 PRELIMINARY. PART 2 Information for Victims

Will, trust and estate disputes

EWART PRICE SOLICITORS ROAD TRAFFIC ACCIDENTS - NOTES FOR CLAIMING FOR PERSONAL INJURY AND OTHER UNINSURED LOSSES

Personal Data Act (1998:204);

Decision 098/2007 Ms Sandra McGregor and the Common Services Agency for the Scottish Health Service

Deeds on Accountable Trust Receipt Redemption Figures Signature of Undertaking

Guidelines Legal Services Advertising, Marketing and Promotion The purpose of these Guidelines is to provide practitioners with a starting point for

DEFENDANT LITIGATION SERVICE

TRANSPARENCY INTERNATIONAL - PAKISTAN. Freedom of Information Ordinance promulgated

Distribution channels in insurance

PRE-ACTION PROTOCOL. Re: Road Traffic Accidents and Personal Injury Claims The aims of the pre-action protocols are:

REPUBLIC OF SOUTH AFRICA

CHILDREN AND YOUNG PEOPLE SERVICE ALCOHOL, DRUG OR OTHER SUBSTANCE MISUSE OR ABUSE POLICY

Transport Accident Act Common Law Protocols 1 April 2005 (amended as from March 2010)

Clinical Negligence: A guide to making a claim

NHS REDRESS ACT 2006

South Dakota Parental Rights and Procedural Safeguards

Making a complaint Information Guide

Legal Expenses Insurance. Rule pursuant to article 5 of the Act

A BILL for AN ACT. Serial 137 Personal Injuries (Civil Claims) Bill 2003 Dr Toyne

Setting Up Fee Charging Services

Legal Costs, Cost Agreements, Disclosure & Billing under the The Legal Profession Uniform Law. NSW Law Society Seminar

Report of a Complaint Handling Review in relation to Police Scotland

Code of Practice on the discharge of the obligations of public authorities under the Environmental Information Regulations 2004 (SI 2004 No.

Medical Negligence. A client s guide. head and shoulders above the rest in terms of skills, experience and quality. The Legal 500

Data Protection Act a more detailed guide

USING LAWYERS IN HONG KONG

DRAFT MOTOR TRAFFIC (THIRD- PARTY INSURANCE) (COST RECOVERY) (JERSEY) REGULATIONS

1.1 Explain the general obligations of a claimant and defendant under the Practice Direction on Pre-Action Conduct ( PD-PAC )

Complete Professional Indemnity

Personal Injury Accident Claims Do you need a Solicitor anymore?

Quick guide to the employment practices code

d d mm y y If the injury was as a result of criminal assault or a Road Traffic Accident, was the accident reported to the police?

Code of Conduct for registered migration agents

Income Protection Cover. Guide to making a claim

Transcription:

Case Studies relating to privilege and solicitors Downloaded from the website of the Data Protection Commissioner on 26 th July, 2011. 6/2001 CASE STUDY 6/01 Legal firm identification of source of personal data lack of co-operation issue of enforcement notice This case study provides a useful example of a matter which could have been disposed of easily at the outset, but which was protracted due to lack of cooperation from a data controller in this case a solicitor. The case also demonstrates that, where I consider that an important issue is at stake, I am prepared to have full recourse to my legal powers until I reach a satisfactory conclusion. The complainant had been involved in a car collision. The complainant and the other party involved had exchanged phone numbers but not addresses. The complainant subsequently received a phone call from a solicitor, acting for the other party involved, seeking her car registration number and address. The complainant declined to provide these details, since she had understood the matter to have been informally resolved, and that no recourse to legal action had been contemplated. In any event, some weeks later the complainant received a letter at her home address from the solicitor. The complainant asked how the solicitor had obtained these details, but this information was not forthcoming. The complainant raised the matter with me, as she suspected that her personal details had not been fairly obtained by the solicitor, as required under the Data Protection Act. On raising the matter with the solicitor, she explained that her client had noted the registration number of the complainant s car, and that the Motor Registration Bureau had used this information to supply the solicitor with the complainant s address, in accordance with the provisions of the Road Traffic Acts. However, the complainant contested this assertion., since the solicitor and the complainant had declined to supply this information. Why would the solicitor have requested the car registration number during their initial phone call, the complainant asked, if the solicitor s client already had this information? The complainant argued forcefully that the solicitor must in fact have obtained the data from another source. My Office put these points in writing to the solicitor, who declined to provide any further explanation, maintaining simply that the details had been obtained from the Motor Registration Bureau. I was not satisfied with the completeness or frankness of the solicitor s response and so, after repeated refusals from the solicitor to furnish additional information, I decided to issue a formal Information Notice under section 12 of the Data Protection Act. An Information Notice obliges the recipient to furnish such information in relation to matters specified in the notice as is necessary or expedient for the performance by the Commissioner of his functions. It is an offence not to comply fully with the information sought; and in general, I only resort to

issuing such a Notice if I consider that necessary information will not be provided voluntarily. In response to the Information Notice, the solicitor stated that the details were obtained from its client and the Motor Registration Bureau. My Office then wrote once more to the solicitor expressing dissatisfaction with her reply. My Office had established that the Motor Registration Bureau had not been contacted by the solicitor until five months after the incident, while the complainant s home address was known to the solicitor within weeks of the incident. The solicitor was advised that, unless full particulars were forthcoming immediately, I would commence proceedings in accordance with section 30 of the Data Protection Act, 1988 for failure to comply with the Information Notice. The solicitor responded with an explanation that the complainant s address details had, in fact, been obtained from her client, and only subsequently confirmed by the Motor Registration Bureau. This belated explanation, had it been provided at the outset, would have obviated the need for the protracted and time-consuming investigation of this matter. It concerns me that, in this case, a member of the legal profession was reluctant to provide the straightforward information which I considered necessary to bring the complaint to a conclusion. It took seventeen months and the full use of my statutory powers to get the information in question. I can ill afford the time my staff had to devote to delaying tactics but where I feel an important issue is at stake I am prepared to pursue matters fully to reach a satisfactory conclusion. From my general experiences with legal practitioners to date, I consider this to have been an isolated case and not representative of the legal profession in general. However, should a similar type case arise in future from any source, I will have no hesitation in publicly naming the party involved, and in vigorously pursuing proceedings for any offences under the Act. 1/2004 Case Study 1 of 2004 Employment matters claim of legal privilege and access to medical data in the workplace An employee of a major national company had been requested to attend a doctor nominated by the employer in the context of his on-going sick leave. His employment was subsequently terminated and he made an access request under section 4 of the Data Protection Acts for a copy of the medical report. The company refused him access on the grounds that the employee had initiated legal proceedings against the company and that the report was privileged and that it did not have to be released as section 5(1) (g) applied. This section provides that the right of access under section 4 of the Acts does not apply to personal data "(g)in respect of which a claim of privilege could be maintained in proceedings in a Court in relation to communications between a client and his

professional legal advisers or between those advisers." I pointed out that there are two main categories of legal professional privilege recognised by Irish Courts: Confidential communications between a person and his lawyer seeking or giving legal advice and documents created by either party to provide or to obtain such advice are privileged. Documents created by either lawyer or client in anticipation or furtherance of litigation are also privileged. Therefore, communications between a person and his lawyer which provide legal advice or assistance and documents created to obtain or produce such advice or assistance are privileged if given or created in anticipation or furtherance of litigation. In deciding whether privilege could be claimed, I considered the purpose of the referral to the doctor and specifically whether it was in anticipation of legal proceedings or to obtain legal advice or whether the purpose was to determine fitness for work. The complainant stated that he had been requested by letter to attend the doctor to have his condition assessed due to his on-going sick leave no reference was made to attendance being requested in connection with any court proceedings. The company however sought to claim to my Office that the report had been sought on legal advice and in anticipation of possible future legal proceedings. I found that while there may indeed have been a possibility of legal proceedings in relation to other matters, the first formal notification of court proceedings was sent by the data subject s solicitors many months later. I further found that the purpose of the medical examination should be clear to the data subject at the time that he attends the doctor. The employee in this case was clearly under the impression that the referral was related to assessing his fitness for work only. It is an important Data Protection principle that another purpose cannot be introduced retrospectively. Furthermore, information about the purpose is required to be provided to the employee (data subject) pursuant to section 2(D)(i) and (ii) of the Acts, otherwise personal data is not treated as "fairly processed". Privilege is an important feature of court proceedings but it should not be used as a veil to seek to restrict access where it cannot be justified. As section 5(1)(g) relates to personal data in relation to communications between a client and his professional legal advisers or between those advisers, I took the view in this case that a copy of a medical report prepared for a specific personnel purpose could not be considered as such a "communication" which would attract privilege. Also, there are very limited restrictions on an individual's right of access to his or her medical data. The Data Protection (Access Modification)(Health) Regulations, 1989 provide that restrictions on access must be based on opinion by a medical professional that allowing access would cause serious harm to the individual's physical or mental health. As "harm" was not an issue, I therefore concluded that section 5(1)(g) of the Data Protection Acts,

1988 and 2003 could not be relied upon by the company to restrict his access to a copy of the medical report in question. I was pleased that the company accepted my view. In another employment related case, I established that a data controller cannot avoid dealing with an access request for an employee s medical report on the premise that it has been returned to the author of the report. To deal with such requests, organisations should have a clear procedure in place. The request may be for (1) the report itself and/or (2) the data on the medical file. When an access request for medical data is received, the Company Doctor/Medical Officer should be immediately advised and should make the data available unless it is considered harmful to do so. On a related question, it is sometimes considered that the employee s consent is needed for referral to a company doctor. Generally, an employer will have the right under the contract of employment to refer an employee for a medical report. Processing of personal data in a medical report involves sensitive data and section 2(B)(i) of the Acts provides that a data controller must obtain "explicit" consent from a data subject before sensitive data may be processed. Alternatively, section 2B(ii) provides for processing which "is necessary for the purpose of exercising or performing any right or obligation which is conferred or imposed by law on the data controller in connection with employment.". Relying on freely given consent implies that an employee has a right to refuse referral. Given the employer's rights under the contract of employment, this may not fully reflect the entirety of the rights and obligations involved. Therefore when the employee agrees to attend the doctor, what is important is that the employee clearly understands that s/he is required to attend the medical assessment for a particular purpose e.g. to determine whether s/he is fit to return to work and attends on that basis alone. On the other hand, if the purpose is connected with anticipation of or defence of legal proceedings then the employee should know that this is the basis for the referral. Privilege is an important feature of court proceedings but it should not be used as a veil to seek to restrict access where it cannot be justified- generally, an employer will have the right under the contract of employment to refer an employee for a medical report 2/2005 Case Study 2 - Life assurance company and medical reports - access request denied I received a complaint from a data subject who had not been given copies of medical reports, commissioned from independent specialists by a life assurance company in connection with her on-going income continuance claims the Company had discontinued her claims on the basis that she was no longer fulfilling the definition of disability, as required under her policy.

In investigating this complaint, I reiterated that the Data Protection Acts give people a statutory right of access to their data, including their medical records, and that this right can only be limited or set aside in very specific and narrow circumstances. The Company had cited the exemptions in section 5(1)(f) and 5(1)(g) as a basis for denying access to certain reports. Section 5(1)(f) of the Acts provides that the right of access to personal data does not apply to personal data: "(f) consisting of an estimate of, or kept for the purpose of estimating, the amount of liability of the data controller concerned on foot of a claim for the payment of a sum of money, whether in respect of damages or compensation, in any case in which the application of the section would be likely to prejudice the interests of the data controller in relation to the claim." I considered that medical reports commissioned by a life assurance company are for the purpose of assessing a claim. I found that the exemption in section 5(1)(f) permits a data controller, who puts on file an estimate of the amount of money that may be needed to meet a claim for compensation, to plead an exemption if the release of that estimate would be prejudicial. The contents of the medical reports at issue in this case did not relate to estimating liability per se. Rather, they related to whether or not there is a disability and opinions about capacity to work. It was therefore my view that this exemption cannot be claimed in respect of medical reports. The company also proposed to withhold other reports on the basis of legal privilege as provided in section 5(1)(g), as they believed that they would seriously prejudice (their) defence in any action. Section 5(1)(g) provides that the right of access to personal data does not apply in respect of data : (g) in respect of which a claim of privilege could be maintained in a court in relation to communications between a client and his professional legal advisers or between those advisers. In assessing whether privilege could be claimed, it is necessary to look at the purpose of the referral to the doctor and specifically whether it was in anticipation of legal proceedings or to obtain legal advice. My staff outlined to the Company that it is important when a life assurance company commissions a report that the claimant fully understands the purpose of the examination e.g. the purpose being for the company to assess and to come to a decision on a claim. Whether the reports were commissioned in anticipation or furtherance of litigation and thus attract privilege, falls to be determined on a case by case basis. It was understood that the decision in this case might ultimately be challenged in court and the Company indicated that in their opinion there was a high likelihood of this. The exemption refers to a potential situation where a claim of privilege could be maintained in a court in relation to communications between a client and his professional legal advisers or between those advisers. In this case, my staff considered that it was conceivable that such a claim could be maintained in a court.

Therefore, it was held that certain medical reports specified by the company may be withheld pursuant to section 5(1)(g) pending any court proceedings. This case shows how the balance between a data subject s right of access to personal data must be balanced with the legitimate interests of a data controller in this case one who may possibly be facing litigation. In the event of litigation not taking place, the data controller would be required to review its decision. 13/2007 Case Study 13: Dairygold - Failure to comply in full with an Access Request In June 2006, I received a complaint from a firm of solicitors acting on behalf of a client regarding alleged non-compliance with a subject access request. The data subject had made an access request to her employer, Dairygold Co-Operative Society Limited/ REOX, in March 2006 but it had not been complied with within the statutory forty day period. My Office wrote to the data controller and we subsequently received a reply to the effect that the material sought in the access request had now been supplied. However, following examination of the documents received, the solicitor for the data subject communicated further with my Office and identified certain documents omitted by the data controller. Particular reference was made to documents in relation to a workplace accident in which the data subject was involved in October 2004. My Office contacted Dairygold/Reox seeking an explanation for the missing documents. While it responded by providing observations on a number of the missing documents, it also stated that it was obtaining legal advice regarding the release of the documents relating to the workplace accident. After the exchange of detailed correspondence between my Office, Dairygold/Reox and its legal representatives, an index of all of the personal information which had been released was provided to my Office. In relation to the documents concerning the workplace accident, the solicitors for the data controller confirmed that their client was in possession of both an Internal Accident Report and a Consulting Engineer s Report. It stated that both documents were prepared in contemplation of a personal injury claim and were therefore privileged. To satisfy ourselves that there was a sound basis for the legal privilege claim in relation to these documents, my Office sought information from the data controller regarding the dates on which the two reports were created. It was confirmed that the Internal Accident Report Form was created in the days immediately following the workplace accident and the Consulting Engineers Report was created some nineteen months later in May 2006. My Office pointed out to the data controller s solicitor that the claim of legal privilege related only to communications between a client and his professional legal advisers or between those advisers and that this provision could not be applied to the internal accident report created shortly after the incident. In light of the information available to my Office, we accepted that the claim of legal privilege could be applied to the Consulting Engineer s Report. The data controller continued,

however, to claim legal privilege on both documents. In an attempt to bring closure to this matter, my Office requested a confidential sighting of the Internal Accident Report. Regrettably, the data controller refused to comply with this request and I had no option but to serve an Information Notice requiring that a copy of the Internal Accident Report be furnished to me. The Internal Accident Report was supplied to me in response to the Information Notice. On examining the Report I was satisfied that it contained personal data of the data subject and I was further satisfied that the limited exemptions to the right of access set down in the Acts did not apply to this document. The document also contained some limited personal data of third parties and non personal information which we advised the data controller to redact with the balance to be released voluntarily to the data subject. The Report was subsequently released in accordance with our advice. There is a tendency for data controllers in some cases to claim non-relevant exemptions under Sections 4 or 5 of the Acts to restrict the right of access. With increased frequency, accident reports in relation to workplace incidents are being withheld with data controllers claiming legal privilege on such reports. I do not accept that legal privilege applies to such reports. It is standard procedure for an accident report to be compiled by an employer in the aftermath of a workplace accident and such reports clearly do not fall into the category of personal data in respect of which a claim of legal privilege could be maintained in a court in relation to communications between a client and his professional legal advisers or between those advisers. Any data controller who is reported to me as having restricted a data subject s right of access to reports of this nature will face an investigation by my Office involving a close scrutiny of the grounds for applying the restriction. I will have no hesitation in using my full enforcement powers to ensure the rights of the data subject are upheld in relation to such cases. 9/2008 Case study 9: An access request and a successful claim of legal privilege by a Data Controller In May 2007 I received a complaint from a solicitor acting on behalf of a client regarding the alleged failure of a data controller to respond to an access request. The solicitor had submitted an access request on behalf of his client to her former employer in February 2007. The data controller failed to respond to the access request within the statutory forty-day period. My Office commenced an investigation by writing to the data controller about the complaint. We received a reply from the data controller s solicitor confirming that a response had issued to the access request. The reply included a number of documents containing personal data. However, the data controller's solicitor informed my Office that their client was claiming privilege in respect of two specific documents and was therefore not releasing them. These documents were a handwritten account by the store manager of the data subject's period of employment with the data controller and a handwritten account by the store manager relating to the data subject's alleged personal injuries suffered as a result of a workplace accident in July 2006. The

solicitors for the data controller informed my Office that both documents were created by their client for the benefit of legal advisers and in anticipation of litigation following receipt of two solicitor's letters on behalf of the data subject. There are some very limited exemptions within the Data Protection Acts to a data subject s right of access. These are set out in Sections 4 and 5 of the Acts. One of the restrictions to the right of access is set out in Section 5(1)(g). This states:- Section 4 of this Act does not apply to personal data in respect of which a claim of privilege could be maintained in proceedings in a court in relation to communications between a client and his professional legal advisers or between those advisers. The data subject's solicitor subsequently informed my Office of his dissatisfaction with the data controller's claim of privilege. It was necessary for my Office to be satisfied that the data controller's claim of privilege in relation to these documents was properly founded. For that purpose I requested the data controller to confirm to my Office the date(s) on which the documents were created and the purpose or purposes for which the documents were created. In response, we were informed that the relevant documents were created on two separate dates in the second half of February 2007 after the data controller received letters dated 6 February, 2007 from solicitors for the data subject. The data controller's solicitors informed my Office that the letters from the data subject's solicitors had intimated personal injuries and employment claims on behalf of the data subject. The claim of legal privilege under the Acts relates only to communications between a client and his professional legal advisers or between those advisers. The date of creation of the documents, on which the data controller was claiming privilege, when compared with the dates of its receipt of communications from the data subject s solicitors, satisfied my Office about the purpose of these documents. We accepted that the claim of legal privilege could be applied to both documents as it fell into the category of a communication between a client and his professional legal advisers. There are limited exemptions under the Acts to a data subject's right of access. When a data controller claims an exemption, my Office may request additional information from the data controller to be satisfied that the withholding of the documentation is properly founded. Such matters are dealt with by my Office on a case by case basis. 18/2008 Case study 18: A civil summons is served on the wrong person In February 2008 I received a complaint from a data subject who had received a District Court civil summons from a firm of Solicitors acting on behalf of a property management company. The civil summons named a male and a female as the defendants in the matter. The data subject shared the same full name as that of the male named on the summons. The data subject phoned the solicitors concerned to inform them that he did not know anything about the matter referred to on the summons, that the female named on the summons was not known to him and that she

did not reside at his address. When he asked the solicitors where they had sourced his address he was told that their enquiry agent had given it to them. My Office commenced its investigation by contacting the solicitors concerned to establish if, as alleged, the complainant had been mistakenly served with a summons which was proper to another man of the same name. The solicitors subsequently responded and confirmed that they accepted that the person who received the summons in this matter was not the person with whom their clients had contracted. They informed my Office that they had relied on information provided by an agent. They also asked my Office to convey their sincere apologies to the data subject for any inconvenience that may have been caused to him. My Office informed the data subject of the response of the solicitors and sought his views about how his complaint against the solicitors might be resolved to his satisfaction. He indicated that this could be achieved by the data controller agreeing to cover the legal and medical costs incurred by him as a direct result of being wrongly served the civil summons. The data subject informed my Office that on receipt of the civil summons it was necessary for him to engage a solicitor to deal with the matter as he had been summoned to appear before the District Court on an appointed date. He also stated that he suffered considerable distress as a result of receiving the summons and that he had attended his doctor as a direct result. The data subject was also concerned that the summons served on him was now a matter of public record in the courts system and he said that it was incumbent on the solicitors to have this matter rectified by requesting the Courts Service to clear his good name. The solicitors immediately indicated their willingness to resolve this matter as sought by the data subject and confirmed that there was no public record of the proceedings in this matter. In the solicitors view, the issue arose as a direct result of the actions of its agent. For this reason, it had been agreed that the agent would make a payment directly to the data subject's solicitor in settlement of the matter and confirmed that this had taken place. Unfortunately, the agent had not made any contact with the data subject or his solicitor on this matter. Soon afterwards the solicitors sent my Office, on their own behalf, a cheque made payable to the data subject to cover the full costs incurred by him in this matter. They stated that they had been misled by the agent who had indicated that the matter had been resolved with the data subject's solicitor. They indicated that, as a result, they had dispensed with the services of the agent with immediate effect. The data subject expressed his satisfaction with the outcome and thanked my Office for helping to bring this matter, which had caused him great distress, to a satisfactory conclusion. This case highlights the distress and inconvenience that can be caused to an innocent individual as a result of the processing of inaccurate personal data. The serving of a summons is a significant action and it can be a matter of great anxiety for an individual to receive a summons, even when that individual is not the legitimate subject of the summons. Greater care should have been taken by all involved in the process of serving this summons.

21/2008 Case study 21: Access is wrongly denied in respect of an accident report I received a complaint from a data subject who had been involved in an accident at work. The data subject had made an access request, under section 4 of the Data Protection Acts, to their employer for a copy of all information held about them, including the accident report form. The employer had not responded to the request within the forty day timeframe specified in section 4 of the Acts. My Office contacted the data controller to enforce compliance with the terms of the access request. The data controller stated that they had passed the request on to their insurance company who were dealing with legal proceedings arising from the accident. My Office pointed out that the obligation to comply with an access request was on the data controller and not on the insurance company. My Office informed the data controller that we were investigating its failure to respond to an access request. The data controller then provided certain documents containing personal data to the data subject. However, it failed to provide a copy of the accident report form. My Office contacted the data controller again to request that the outstanding documents be furnished to the data subject. The data controller responded by claiming a restriction on the right of access under section 5(1)(g) of the Acts based on an assertion that the documents were exempt from disclosure due to legal privilege. This provision restricts the right of access with regard to personal data in respect of which a claim of privilege could be maintained in proceedings in a court in relation to communications between a client and his professional legal advisers or between those advisers. My Office rejected this claim because in this case the accident report was prepared on foot of the legal requirement for an accident report to be created if a workplace injury results in at least three days absence from work. This is set out in Regulation 59 of Statutory Instrument No. 44 of 1993. My Office also rejected claims by the data controller that, as the accident report form was created with the assistance of their legal adviser, it could be withheld on the basis of legal privilege. As a result, the data controller provided a copy of the accident report form to the data subject. While the Data Protection Acts provide for limited, narrow restrictions to the right of access by a data subject to their personal data, this case highlights the fact that my Office will rigorously examine complaints of this nature to establish whether the restriction asserted by a data controller can be legitimately relied upon.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information