Data breached at Independent News & Media (INM) in 2014 may have contained a “significant volume” of information obtained by journalists, including data identifying sources, an unpublished report by the State’s privacy watchdog has found. The report by the Data Protection Commission (DPC) found that the information accessed during a “data security incident” in late 2014 may have included “sensitive personal data” and “confidential information including information identifying or provided by confidential journalistic sources, or investigative material not intended for publication”. INM said that the information could have included “sensitive personal data”. “For a data controller not to know whether it holds sensitive personal data in the first place is indicative of systemic deficiencies in its approach to data protection,” said the commission. The fact that INM could not confirm definitively to the DPC whether the affected data was sensitive personal data “indicates an alarming lack of awareness by INM around its own collection, processing, keeping, use and (likely) disclosure of personal data,” the regulator said.

Source: The Irish Times June 01, 2021 00:00 UTC