| CARVIEW |
Select Language
HTTP/1.1 200 OK
Date: Sat, 12 Jul 2025 21:05:39 GMT
Referrer-Policy: no-referrer
Cache-Control: must-revalidate, no-cache, private
X-Drupal-Dynamic-Cache: HIT
X-UA-Compatible: IE=edge
Content-language: en
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Drupal-Cache-Tags: block_view config:block.block.breadcrumbs config:block.block.mainpagecontent config:block.block.organisations config:block.block.pagetitle config:block.block.sidebarmenu config:block.block.sitemenu config:block.block.tabs config:block.block.userlogin config:block.block.views_block__news_3_block_1 config:block.block.yourdata config:block_list config:easy_breadcrumb.settings config:filter.format.full_html config:system.menu.individuals config:system.menu.organisations config:system.menu.site-menu config:system.site config:user.role.anonymous http_response local_task node:113 node:116 node:137 node:30 node:307 node:396 node:466 node:488 node:55 node:613 node:634 node:639 node:640 node:641 node:65 node:66 node:81 node_view rendered user:43
X-Drupal-Cache-Contexts: cookies:big_pipe_nojs languages route session.exists theme timezone url.path url.query_args url.site user.node_grants:view user.permissions user.roles:anonymous user.roles:authenticated
X-Drupal-Cache-Max-Age: -1 (Permanent)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Content-Security-Policy-Report-Only: report-uri /report-csp-violation
X-XSS-Protection: 1
X-Drupal-Cache: HIT
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerpool-DPC-WEB=1694506762.20480.0000; path=/; Httponly; Secure
Strict-Transport-Security: max-age=16070400; includeSubDomains
Set-Cookie: TS01d86fa4=017199450efa671dd89148244ee6d45f03b7a15c671de2bb6a1757170bc045e817432b192ce2699e56f3ffce74faaa02567c3f084362f2223c5a25666a24648384c65cf3d3; Path=/; Domain=.www.dataprotection.ie
Transfer-Encoding: chunked
Inquiry into a Consultancy Provider | Data Protection Commission
Inquiry into a Consultancy Provider
(IN-20-4-8)
Date of Decision: 24 January 2022
This inquiry was commenced in respect of a personal data breach that the Personal Injuries Assessment Board (‘PIAB’) reported to the Data Protection Commission on 10 December 2019. PIAB is an independent statutory body that deals with personal injury claims. The personal data breach occurred when a Consultancy Provider sent an unencrypted USB storage device, containing personal data to PIAB, despite PIAB expressly stating the data was not to be sent. The Inquiry considered whether the Consultancy Provider had complied with its obligation to implement an appropriate level of security under Article 32 GDPR.
- The decision found that the Consultancy Provider had infringed Article 32(1) GDPR by failing to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk presented by its processing of personal data.
The corrective powers exercised:
- The decision issued the Consultancy Provider with a reprimand in respect of the infringement.
For more information, you can download a copy of the full decision at this link: A Consultancy Provider January 2022 (PDF, 947 KB).