The Irish government introduced a national system of postcodes (known as ‘Eircodes’) and initiated a programme to allocate a unique, non-sequential Eircode to each address point in Ireland. The responsible government department, the Department of Communications, Energy and Natural Resources (DCENR) commissioned Gemserv to undertake a Privacy Impact Assessment (PIA) to address concerns around citizens’ privacy.
We set out a number of stages to conduct the PIA. The first stage was conducted primarily by means of a desktop review of documents provided by the DCENR. Interviews were then carried out with selected groups of stakeholders who were closely associated with the project.
The second stage involved the completion of a PIA questionnaire, which led to the production of a report linking the assessment to Data Protection Principles.
The last stage was for Gemserv to undertake an assessment of the strategic privacy issues, the extent to which they are capable of causing harm to individuals, and the effect they may have on the prospects for the programme’s success.
Our PIA provided DCENR with a full assessment and report of the findings, and the recommendations for mitigating the identified risks. We advised that the precautionary approach would be to treat the data as personal data, and as a result, the Communications Regulation (Postal Services) (Amendment) Bill 2015 was brought forward and subsequently approved in June 2015, to ensure there is sufficient legal basis on which to process Eircodes.
The DCENR were then in a position to facilitate the project’s progression while minimising the risk of legal or regulatory challenge to it from a data protection perspective.