Back

Blogs

Ethical phishing in the NHS

View All

Case Studies

Princess Alexandra Hospital NHS Trust

View All

Upcoming Events

WEETF: Next steps for retail energy markets in the UK

View All

Webinars

New Webinar Coming May!

View All

Thoughts

DCENR Case Study

6th Sep, 2015

Client: Department of Communications, Energy and Natural Resources (DCENR)

Title: Privacy Impact Assessment – National Postcodes Project

Our Service: Consultancy

The Challenge

The Irish government introduced a national system of postcodes (known as ‘Eircodes’) and initiated a programme to allocate a unique, non-sequential Eircode to each address point in Ireland. The responsible government department, the DCENR commissioned Gemserv to undertake a Privacy Impact Assessment (PIA) to address concerns around citizens’ privacy.

Our Approach

We set out a number of stages to conduct the PIA. The first stage was conducted primarily by means of a desktop review of documents provided by the DCENR. Interviews were then carried out with selected groups of stakeholders who were closely associated with the project.

The second stage involved the completion of a PIA questionnaire, which led to the production of a report linking the assessment to Data Protection Principles.

The last stage was for Gemserv to undertake an assessment of the strategic privacy issues, the extent to which they are capable of causing harm to individuals, and the effect they may have on the prospects for the programme’s success.

The Outcome

Our PIA provided DCENR with a full assessment and report of the findings, and the recommendations for mitigating the identified risks. We advised that the precautionary approach would be to treat the data as personal data, and as a result, the Communications Regulation (Postal Services) (Amendment) Bill 2015 was brought forward and subsequently approved in June 2015, to ensure there is sufficient legal basis on which to process Eircodes.

The DCENR were then in a position to facilitate the project’s progression while minimising the risk of legal or regulatory challenge to it from a data protection perspective.