The Data Protection Commission (DPC) has said “a data security incident” at the media company in late 2014 “concerned the processing of personal data” held within its internal IT and backup systems that was “not in compliance with data protection law”. The commission said the adverse findings against the company were contained in a final investigation report that it sent to the media company on Wednesday. The 2014 data breach led to disclosures by two internal whistleblowers, an investigation by the State’s corporate watchdog and the appointment of two High Court inspectors. However, the data protection regulator’s investigation could, under law, not making findings against any individuals, just the company as “data controller”. The DPC said the investigation, which commenced in June 2018, “has now concluded with the provision of the final investigation report to INM”.

Source: The Irish Times February 05, 2021 17:35 UTC