HSC has been sanctioned by the Data Protection Authority again, this time for “systemic issues” in the way it handles Data Subject Access Requests.
The ODPA said it has received “multiple complaints” from people who had asked HSC to release data about themselves relating to Children and Family Community Services.
These type of requests make up a large portion of the DSARs submitted to HSC but the ODPA said it has made repeated mistakes in dealing with them.
The latest complaints related to HSC’s failure to comply with the data access requests within the designated time frame.
HSC has previously been sanctioned by the ODPA for various other compliance concerns.
During its latest inquiry, the ODPA found that HSC has stopped using an administrative document that had been developed to help improve the way it handles data access requests.
HSC cited “significant resource constraints” as the primary reason why it had dropped this tool, and said other additional measures had been put in place instead.
HSC also claimed that its compliance challenges were a result of being under-resourced.
The ODPA said “where there is a clear ongoing issue with compliance, the controller should review their current structure, resourcing and processes and identify points of weakness. Addressing these weaknesses should be treated with the appropriate level of priority to improve compliance and ensure issues are addressed in a timely manner.”
