Having read today's Derry Journal I am deeply concerned by the statement on the front page in relation to the alleged “questionable messages” sent by the current SDLP Councillor Jimmy Carr.
Rumours of this nature have been circulating for days with the electorate in limbo as to the nature of the accusation levelled against Councillor Carr. Todays statement from the SDLP is wide open to interpretation and has served only to fuel further speculation in that it lacks substance and clarity.
I don’t feel that anyone should indulge in trial by media and I am a firm believer in innocent until proved otherwise. However I do find it difficult and quite disconcerting to accept the suggestion that a stranger may have been able to access the City Council’s email system, if this was the case. I am confident to access council email would require more than one password for security purposes given the sensitive and confidential nature of Council related correspondence. In light of the ambiguity around this issue we, the wider public can only postulate these messages were sent via Councillor Carr's Council email otherwise the current fuss would stem solely around the misuse use of council property which seems highly unlikely.
Then in a startling development, in a tweet from Councillor Carr he claims the following.....
This tweet would suggest through carelessness Councillor Carr may have acted in breach of the 1998 Data Protection Act. The i-cloud account referred to in the tweet enables people to store different types of data such as photos, apps, contacts, documents, etc.
Councillor Carr’s tweet also contradicts the statement in today's Derry Journal. If the issue is in relation to a Council owned i-pad, why is Councillor Carr saying this matter stems from an i-phone he sold and a possible DCC security breach?
The Data Protection Act controls the use of personal information by organisations, businesses or the government. Responsibilities for handling personal data include ensuring that data is used fairly and lawfully in accordance with data protection rights and that such data is kept safe and secure.
A breach of the data protection act is taken very seriously as was witnessed in a recent case.
“A government department has been fined £185,000 for a “very serious data breach” involving personal details of a terror incident. The Information Commissioner’s Office (ICO) fined the Department of Justice Northern Ireland for selling a filing cabinet containing the sensitive information at a public auction.”
If Councillor Carr has sold a phone that has allowed access to confidential documents and personal information this is more than the ‘storm in a teacup’ as he has suggested the matter is.
In an article published in Public Technology.net dated Wed, 23/04/2014 I learned that.... “Half of public sector organisations are unaware of a proposed European regulation which would increase data protection requirements and increase the level of fines for breaches to €1 million, according to a new survey.”
In light of this incident it would seem that with the level of contradiction and ambiguity around this matter, Derry City Council, and individual Councillors would need to review their compliance with Data Protection guidelines and legislation. In the event a heavy fine is levied if a breach of Data Protection legislation is found to have taken place will the ratepayer once again have to foot the bill for Council and / or Councillor failings?
The immediate question that needs to be asked of Councillor Carr and Derry City Council is what other files and communications have been compromised?
Over to you Derry City Council and SDLP????????