How PixAlert can fix the Recent Fada SAR issues!!
Recently we have been made aware of an investigation that the Data Protection Commission (DPC) are conducting with regards to several Irish government organisations refusal to correct a specific but common GDPR breach.
The Issue was a simple one – Irish television producer Ciaran Ó Cofaigh filed a complaint with the DPC due to the fact that the síneadh fada was not recognisable by software used in the HSE’s administration staff. The síneadh fada, for any non-Irish readers, is an acute accent and is the only form of diacritic mark in Irish Gaelic.
This complaint is an interesting one and raises some critical questions with regards to GDPR legislation.
Mr. Ó’Cofaigh raised the issue as being a breach of Article 16 of the General EU GDPR. This outlines the obligation of the “right to rectification” for those retaining data on individuals. In a nutshell, this means organisations must amend any information that they are holding that subjects believe to be inaccurate or incomplete and such rectifications should be conducted in a timely manner.
The core argument put forward by Ó’Cofaigh is that the presence of the fada is not an option, it is a core component of his name and without the fada, it represents an inaccurate representation of his personal data. Put simply, Mr Ó’Cofaigh contends his name is not his name without the inclusion of the fada!
This issue is larger in scope than initially it seems. Many national languages contain forms of accents such as the German Umlaut and the French Cedilla, meaning large volumes of data will be viewed as incorrect according to GDPR. A ruling in the complainant’s favour would mean both public and private Irish companies open to requests to take corrective measures, not just in terms of accents such as the fada, but for general accuracy around data held on networks.
PixAlert is an Irish company creating software to help organisations reduce the workload involved in DSAR’s (Data Subject Access Requests) and integral part of GDPR and the right of every individual. The decision against Mr. Ó Cofaigh undermines the efforts by Data Protection practitioners to protect Personally Identifiable Information (PII). It means without accuracy or certainty the system fails.
Cyber crime is a billion-euro industry and it all centres around data and its value so it’s no surprise that Personal data is valuable. Finding personal data in any language is the difficult piece of the puzzle PixAlert addresses. But if the data is inaccurate it leaves data belonging people like Mr. Ó Cofaigh vulnerable and at risk.
This case raises questions about the depth of knowledge surrounding organisational awareness of individuals “right to accuracy” under GDPR. As we start to see more and more organisations brought to task over the coming months for sloppy data management, accuracy is an issue that will be raised regularly and should be top of mind for organisations going forward.