SMSs by Social Security Department breach Data Protection

Maltawinds is informed that Social Security Department is using SMS in order to inform persons of details regarding their benefits.  In itself this is a positive note as technology is used to accelerate communication. However, it seems that the Social Security Department System is not properly maintained and details of individuals have been sent to persons not related to the same individuals.

It seems that persons have complained on this yet no remedy was taken in spite of the department acknowledging its mistakes.  Recognising an error is important but remedies should be taken particularly when security of persons has been put at risk  due to unacceptable procedures at the department.

This is yet another case reported to Maltawinds by its readers following a series of reports of different Data Protection breaches. Yet it seems that once again no scrutiny is being done by the Commissioner for Data Protection.  Maltawinds is starting to question whether this office is a mere  lip service to satisfy the EU obligations. So far Maltawinds has reported Data Protection breaches in Public Registry, in Mater Dei Hospital, in State Schools and in private organisations yet no action seems to be taken in all cases by the Commissioner. To the contrary it seems that the Commissioner is in defence of certain breaches by Government entities.

The Commissioner seems to have made a nice show on the photo copy of identity cards by certain departments  and have not clarified how a balance can be achieved with the requirements of the FIAU and anti money laundering legislation. At the same time it is clear that he has not taken any real action in blatant breaches.

The Commissioner for Data Protection should discuss with other organisations in order to ensure visits to organisations and audit their procedures.  This can happen in various manners . Perhaps  the Commissioner should find a mechanism like that found by the MFSA and FIAU in order to have common visits at companies. If the Commissioner for Data Protection teams up with these other two Authorities many businesses may be visited without creating additional administrative burden.  In order to audit Government entities he may team up with the National Audit Office or some other entity. Whatever the mechanisms one may choose the Commissioner cannot keep ignoring the worrying situation that exists in Malta when it comes to Privacy of individuals.