Monday, 5 January 2015

Knowledge is Power: How Data Protection Rules Impact on the Security Industry

Knowledge is Power: How Data Protection Rules Impact on the Security Industry
Oisín Tobin, Senior Associate, Mason Hayes & Curran

Information can be a key security asset. However, it can also give rise to legal challenges, particularly under data protection law. This article considers some of the recent developments in this space.

Background Screening

Many multinational companies based in Ireland seek to ensure effective internal security by conducting background screening of potential employees.

While such background screening is common in the US, it can give rise to some challenges in Ireland.  The lack of a centralised and publicly available criminal record check function in Ireland (save for limited circumstances where Garda vetting is possible) can lead to employers finding novel methods of screening prospective employees.

The Data Protection Commissioner (“DPC”) has, in the past, criticised certain background screening practices. Given the lack of a criminal record check function in Ireland, some employers have taken to requiring that candidates make a “subject access request” to the Gardaí so as to take up a copy of their police file (if any) and then provide that to the prospective employer. While this practice is not explicitly prohibited by data protection law (since the specific section outlawing this practice has never gone into force) the DPC has suggested that it is incompatible with the general data protection principles and is consequently unlawful.  

Engagement of Investigators
The use of private investigators to look into the affairs of certain individuals, often in the context of a business or financial dispute, has recently come under scrutiny by the DPC. Care needs to be taken to ensure that such investigations, or other surveillance, is conducted lawfully and does not infringe the privacy and data protection rights of the person under investigation.

The DPC is applying a zero-tolerance approach to private investigators that breach data protection laws. In the past few years there have been a number of successful prosecutions against insurance companies that used investigators to obtain non-public social welfare information. Additionally, the impending prosecution of Michael Gaynor, a private investigator from Kildare, for alleged breaches of data protection laws is evidence of the willingness of the DPC to take an aggressive approach when dealing with private investigators

All contracts between an investigator and their client need to contain certain provisions dealing with the security of the information obtained by the investigator. Additionally, an investigator needs to consider the period for which they can retain their file following the conclusion of the investigation.


The contents of private investigator’s reports can be commercially sensitive and one is unlikely to want to share such reports with the person under investigation. However, we have seen an increasing trend of individuals making “subject access requests” against clients who commission such reports (particularly financial institutions). 

In Case Study 13 of the 2011 DPC Annual Report, the DPC responded to a complaint by a former employee of HSG Zander Ireland Ltd (“HSG”). In this case HSG refused to disclose a security report compiled by a private investigator for HSG, citing litigation privilege. However, following correspondence with the DPC on this matter, HSG decided to release the report to the former employee.

This case is indicative of the tough line taken by the DPC on this point. The DPC has directed that, as a general principle, where a subject access request is made, the contents of investigators’ reports should be disclosed to the person under investigation. This state of affairs needs to be considered and addressed by investigators as the reports they prepare into incidents and individuals may very well need to be turned over to the person under investigation.


Remote surveillance plays a key role in ensuring the security of assets and employees. However, to the extent that identifiable individuals appear in CCTV images, those images may be “personal data” and protected by the Data Protection Acts. Consequently, security professionals need to have regard to data protection considerations when designing and operating CCTV surveillance systems.

The transparency principle in the Data Protection Acts requires that the purpose of CCTV surveillance be disclosed to employees. In particular, if cameras are being used for staff monitoring, this fact must be drawn to the employees’ attention. Similarly, hidden cameras should generally not be used unless they are necessary to actively investigate potential criminal wrongdoing. Employers should also bear in mind that, as CCTV images can constitute personal data, it may be necessary for such footage to be handed over in response to a subject access request. The use of CCTV footage for disciplinary purposes can be a fraught topic. Misuse of such images can potentially derail disciplinary proceedings.

In Case Study 10 of the 2008 DPC Annual Report, an employer used CCTV to monitor its employees’ workplace attendance, and sought to use such evidence to justify disciplinary proceedings. The employees were never informed that the cameras would be used for staff monitoring. The DPC intervened and the employer had to drop the disciplinary proceedings.

It is vital that an employer intending to use CCTV footage for staff monitoring informs its staff of this intention. While such an announcement may give rise to a complaint, particularly by workers’ representatives, concealing the intention is self-defeating. If an employer is not upfront, not only may they encounter grave difficulties in using any CCTV footage in disciplinary proceedings, but also they may, by engaging in unfair processing, find themselves to be in breach of the Data Protection Acts.
General Data Protection Regulation
A new European Regulation, the “General Data Protection Regulation”, is currently being debated in Brussels. This new Regulation is likely to harden significantly existing rules around data protection in a manner which is liable to impact on the security industry in Ireland. These new rules include strengthening the “right to be forgotten”. Perhaps most importantly, the Regulation significantly increases the fines that can be levied for breaches of data protection law: the regulation envisages fines of up to 5% of global turnover for many infractions. This increases the risk to the security industry posed by non-compliance in this space.

In short, the restrictions imposed by data protection law are apt to impact upon operators in the security industry in a variety of ways. Companies in the sector should endeavour to keep abreast of developments in this space, and should endeavour to ensure that their operations are in line with the Data Protection Acts. Failure to do so may lead to enforcement action by the DPC.

ISIA Awards 2014

The Irish Security Industry Association (ISIA) hosted the ISIA Awards on Saturday 1st November at the Powerscourt Hotel.  The awards were attended by over 230 individuals from the private security industry and senior management from a variety of industries.  Also in attendance were members of the Private Security Authority, An Garda Síochána and His Excellency, Dominick Chilcott, British Ambassador to Ireland.  The MC on the night was Sinead Desmond of TV3. 

As pointed out by ISIA President, Sheenagh McCullagh “The ISIA Awards gives us an opportunity to celebrate our industry leaders and their people”.  McCullagh thanked all those members “who came to the event to celebrate their employees success” and she paid tribute to all those who submitted nominations this year.  “It is evidence of ISIA member’s dedication to excellence, that they take the time to consider those individuals and teams that help make their company a leader in the security industry”.  There were ten awards presented on the night. 

The Premier Award
The Premier Award, sponsored by Noonan, was this year bestowed upon Her Majesty Queen Elizabeth II for the contribution that her visit in 2011 and the reciprocal state visit by President Michael D. Higgins to the UK have made to solidify the new era of peace within which we now live.  The award was accepted on her behalf by His Excellency, Dominick Chilcott, British Ambassador to Ireland.  The Ambassador addressed the members of the ISIA and emphasised that he was ‘very proud to collect the award on Her Majesty’s behalf’.  His Excellency finished his speech with the words of Queen Elizabeth spoken during the State Visit of President Michael D. Higgins to the United Kingdom.  “My visit to Ireland and your visit this week, Mr President, show that we are walking together towards a brighter, more settled future. We will remember our past, but we shall no longer allow our past to ensnare our future. This is the greatest gift we can give to succeeding generations."

The Courage Award
This year’s Courage Award was presented to Mark Pollock of the Mark Pollock Trust and was sponsored by G4S.  Pollock was unbroken by blindness in 1998 and went to complete numerous ultra-endurance challenges.  In 2010 Pollock was then left paralysed after falling from a second story window.  Through the Mark Pollock Trust, he is now on a mission to find and connect people around the world to fast track a cure for paralysis.  The President of the ISIA, Sheenagh McCullagh said, ‘Mark is such an incredible man and an incredibly worthy recipient of the courage award.  It was an honour to be able to present it to him’. 

Security Officer of the Year
The award for Security Officer of the Year was presented to Jonathan Waters of Synergy Security Solutions and was sponsored by Arantico.  Waters was presented this award for the exceptional service and outstanding contribution he makes as a store detective at Boots Ireland.  There were also four merit award recipients on the night; Paul Bridgeman, Synergy Security Solutions; Robert Delaney, Synergy Security Solutions; Darragh Lawlor, NOONAN and Micheál Moylan, G4S.

Security Supervisor of the Year
The award for Security Supervisor of the Year was presented to Terence Murphy, Synergy Security Solutions, for the outstanding work he carries out at a multi-national cork based technology company where he supervises a team of officers.  There were three merit award recipients on the night; Adrian Duffy, Synergy Security Solutions; Vitalijus Durkovas, G4S and Warren Humphrey’s, G4S.  This award was sponsored by JW Balfour. 

Event Security Person of the Year
The winner of the Event Security Person of the Year award, sponsored by Hytera and RSP, was Derek O’Rourke, Pulse Security Management, who was specifically nominated for the work he carries out as an Event Security Supervisor at the Aviva Stadium.  Trevor Goode of Brinks Ireland was presented with a merit award for the event security work he carries out for ESB and Croke Park. 

Electronic Security Technician of the Year
The award for Electronic Security Technician of the Year, sponsored by IC Realtime, was presented to Cormac Sullivan of Brinks Ireland who works with a variety of their key clients.  There were three merit award recipients on the night; John Berkery and Billy Hills of Stanley Security and Adrian Jones of MTS Security.

Electronic Security Supervisor of the Year
The award for Electronic Security Supervisor of the Year was presented to Martin Mills of MTS Security who is their Support Desk Supervisor.  There were three merit award recipients on the night; Phil Ledwith and Darren McCormack of G4S and Austin O’Sullivan of Brinks Ireland. 

Innovation in Security
There were four finalists selected for this award; Action Security and Alarm Control 24, All Security Mobile Shredding, Brinks in Partnership with Arantico, and Stanley Security.  .  The award was sponsored by Bosch and the winner was Action Security and Alarm Control 24.  “The submission was based on their development of a nationwide radio network for the monitoring of security systems”, stated Sarah O’Donnell, Communications Director, ISIA.  O’Donnell added “it was clear from the selection process that not only with this development, but in general, innovation is part of the day to day culture of Action Security and Alarm Control 24”. 

ISIA Locksmith of the Year
A customer’s choice award, clients of ISIA members were invited to complete a survey and provide feedback on their locksmith of choice.  Survey respondents were asked to rate their locksmith in terms of customer service, quality of work and technical knowledge.  There were three finalists; Crothers Security, Fogarty Lock and Safe and J. Williams.  The overall winner of this year’s ISIA Locksmith of the Year award was J. Williams. 

Community Contribution Award

Earlier this year Darragh Lawlor of NOONAN played a part in saving his Uncle’s life, who had a heart attack at Ladbrokes in Swords.  Crucial to Lawlor being able to assist with this was a defibrillator held at the Pavilions Shopping Centre where Lawlor is assigned as a Security Officer.  What Lawlor did next was beyond anyone’s expectations.  He recognised how critical the defibrillator had been in saving his uncle’s life and recognised the lack of other defibrillators in Swords.  He set up a Facebook page to raise awareness and campaign to get a Defibrillator for the main street of Swords.  Through his efforts he exceeded his initial goal to get one defibrillator on Swords Main street, but managed to ensure that two were placed in different locations with 24/7 access.  He also arranged for individuals to be trained in the use of the defibrillators.  Lawlor’s efforts not only ensured that his Uncle’s life was saved, but will have the potential to save more lives in the future.  Darragh Lawlor is not only a hero to his family, but a hero to the community of Swords and all who visit there. 

Friday, 18 April 2014

Thinking Holidays? Think Security.

The sun is shining and there is a good chance many of you are heading away for the weekend, the week or starting to think about your holiday plans.  However, when planning a holiday we should also consider the security of our home while away. Here are the top 10 things you should consider when going away:

  1. Ensure you have an alarm system installed by a PSA licensed installer.  Ideally this alarm should be monitored to ensure there is a response in your absence. 
  2. Ensure your key holders know of your plans to be away from home and that they will be in a position to respond should it become necessary.
  3. Notify a neighbour you trust that you will be away so that they are more likely to be aware of unusual activity near your property. 
  4. External lighting should be considered.  A sensor light on approach to access points to your home may be enough to deter a potential burglar.
  5.  Internal lighting.  Having timers on internal lights may also be a good deterrent, making it less obvious that the home is empty for an extended period of time. 
  6. Doors should be fitted with anti-snap locks making it more difficult for anyone to gain access to your home in the first place. 
  7. Consideration should be given to upgrading any windows and doors which may be particularly vulnerable due to their design.  There are a wide range of products available which will allow you to upgrade locks, install security grilles or for glazing reinforcement. 
  8. Don’t leave car keys or other valuable gadgets (tablets, laptops, iPods) within view or in locations that are easily accessible.  Your car is very often the most desirable asset that a burglar can access as a result of breaking into your home.  Consideration should be given to fitting a home safe. 
  9. CCTV is becoming a very popular security option with costs coming down and technology improving.  This provides the option to login remotely and monitor security at your home.  Make sure your CCTV system is installed by a PSA licensed installer. 
  10. Make sure you do a security check before you go away.  Lock away tools and ladders.  Always ensure that there will not be a build-up of post or deliveries in your absence.  Make sure that all of your electronic security is functioning and has been properly maintained. 

To check that your security provider holds a license or to find licensed security service providers, visit the Private Security Authority’s website or contact the Irish Security Industry Association Tel: 01-4847206 or

For assistance with identifying the right security provider for your needs please use the find a supplier section of the ISIA website.  

About the Irish Security Industry Association (ISIA)
The ISIA was established in 1972 and represents security companies across eight divisions of private security.  The members of the ISIA are representative of approximately 70 per cent of both the turnover and the employees in the industry.  The ISIA represents over 90 per cent of the cash-in-transit industry.  

New Standard for CCTV & Alarm Monitoring

The new standard for the licensing of CCTV Monitoring Centres and Alarm Monitoring Centres entitled "PSA Licensing Requirements - CCTV Monitoring and Alarm Monitoring Centres (PSA 33:2014)" has now been published.  

Read the full story here.  

ISIA Re-elects First Female President

The members of the Irish Security Industry Association re-elected its first female President, Sheenagh McCullagh, for a second year at the ISIA's AGM earlier this month.  Alan Durnan, of Brinks Ireland, was elected as Vice President.

Read the full story here.

Friday, 21 March 2014

Secure Data Destruction Seminar

Secure Data Destruction Seminar 

To launch the introduction of its Secure Data Destruction Division, the Irish Security Industry Association (ISIA) will be holding a seminar on the 26th March at 10am in the Fitzwilliam Hotel on the topic of handling information destruction securely and the associated data protection challenges. 

Entrusting a supplier with sensitive or personal information to be destroyed is a serious decision.  There are numerous concerns associated with the holding of data in your own organisation, never mind the risks when handing over the data, for which you are responsible, to a third party.
During this seminar we will explore the current data protection landscape, the risks and challenges that need to be considered when implementing a best practice data protection policy and finally what you should expect from your disposal partner of choice. 

Managing Data Destruction
Following in the footsteps of its associate, the British Security Industry Association (BSIA), the ISIA has recently introduced a Secure Data Destruction Division.  The Chairman of the division Richard McIlwaine-Biggins stated that, “by bringing together key players in the industry we plan to raise standards in this sector, protect end users of information destruction services and ultimately protect the individuals and businesses whose personal and sensitive information may be contained in hard or soft copy”.

Seminar Details
Date: Wednesday 26th March 2014
Venue: Fitzwilliam Hotel, Dublin 2
Time: 10:00 – 12:00
Alan O’Grady, Data Protection Commissioner’s Office
Dr. John Ghent, Director, Sytorus
Richard McIlwaine-Biggins, SDD Chairman, Irish Security Industry Association

How to Book
The seminar is FREE to attend, but we ask delegates to please reserve their place in advance by emailing or call 01-4847206.  Further information is available at

For further information please contact:
Sarah O’Donnell, Communications Director
Telephone: 01-4847206/Mobile: 087-2229127

Friday, 28 February 2014

Security Conference at FM Ireland 5-6 March 2014

Security is a big part of the facilities management mix.  Therefore, it should be no surprise that this area of FM is extensively covered at FM Ireland being held on the 5-6 March 2014 in the RDS, Dublin.

Make sure to stop by and visit the ISIA at stand E14 and there will a range of security topics covered as part of the ISIA supported Security Conference Stream.

To find out more click here.