Cc: Mr Billy Hawkes,
Data Protection Commissioner
Canal House
Station Road
Portarlington
Co. Laois.

Dear Mr. Kelly:
I am writing in response to your letter of February 22nd regarding the theft of a computer on which my personal records were stored.

I have a number of questions to which I require answers. Unfortunately the staff member on the IBTS information line was unable to answer any of the questions. I respectfully request that my questions are not answered by multiple agents of the IBTS including press agents and functional managers and prefer a written response from you directly.

Regarding the use of personal records:
When I submitted my personal records to the IBTS to facilitate donation of blood products I was not informed that these records could be used for software development and/or testing. Have my records been used for any other purpose other than to facilitate donation of blood products at IBTS clinics?
Why was un-anonymised production data being used for a development/testing activity in contravention to the IBTS’s stated Data Protection policy, Privacy statement and Donor Charter and in breach of section 2 of the Data Protection Act?
Was the use of real data (as opposed to dummy or pseudo data) a requirement of the software development project being undertaken by the NYBC? If not why was real data used? Could this software development project have been completed using anonymous medical data? If not why not?

Regarding the transfer and transport of personal records:
Why was the data being transported on a computer laptop? Why was the data not secured onsite at IBTS or NYBC offices?
Who authorized the transfer of the personal records outside of the EU?
Was the transfer of the personal records strictly in compliance with all data protection laws in the Republic of Ireland and the European Economic Area? If yes, was this transfer confirmed to be in compliance before or after the transfer took place?

Regarding the data files (personal records) and encryption of same:
What file format was used to store the data on the CD-ROM? What file format was used to store the data on the laptop?
What software application was used to encrypt the data?
When the laptop was stolen was the CD-ROM containing the data stolen also?
At the time of the theft was the data stored on both the CD-ROM disc and the laptop?
During the course of the software development work was it necessary to un-encrypt the data? If yes was unencrypted data stored in any place (including cache files or memory page files) on the laptop hard-disc?
At the time the laptop was stolen were there any unencrypted records stored on the laptop in any format?
If the laptop at any time contained unencrypted data containing personal records was this data deleted? How was it deleted? Was the data wiped from the hard disk of the laptop or was it moved to a ‘recycle bin’ (assuming the Microsoft Windows Operating System was installed on the laptop)?

Paragraph 3 of your letter is unclear. I would like a full explanation of why data was first encrypted on the CD-ROM, transferred to a laptop and then re-encrypted. Are you suggesting that the data was encrypted twice? Are you stating that at no time was the data unencrypted on the laptop?

Regarding the password used for the encrypted data:
Can the IBTS confirm that the password was not stored in any location on the laptop or in any case/packaging that was stolen with the laptop?
Is the IBTS satisfied that the password used can withstand a ‘brute force’ or ‘dictionary’ based attack? If yes on what basis does the IBTS form this opinion?
How many people know the password?
Can the IBTS and/or NYBC confirm that the password was what is commonly known as a ‘strong’ (high-entropy) password that used non-sequential and random ASCII characters not limited to letters and numbers?
Did the password meet the IBTS and NYBC security policies for passwords?
Was the password a system-created random password or was it created by a person in the IBTS or NYBC?
Is the password unique to the data on the CD-ROM and laptop or it is in use for other data/applications/purposes?

I remain extremely concerned, despite your assurances to the contrary, that in the future this private data could be made publicly available and cause me to suffer financial loss or loss of reputation. What is the IBTS plan to indemnify people whose personal records were stored on the stolen laptop?

I wish to make an access request under the Data Protection Acts 1988 and 2003 for a copy of any information you keep about me, on computer or in manual form. I am making this request under section 4 of the Data Protection Acts.

Thank you for your assistance. I look forward to hearing from you.
Yours sincerely, etc

I do agree that the only polite response to the letter from the CEO is a letter to the CEO. If you copy it to his new best friend the Data Protection Commissioner it would be even more polite. Sending it registered post to make sure it gets to him would cap the politeness off in a manner that would satisfy the most pernickity of social etiquette gurus.

That would be:

Mr Billy Hawkes,
Data Protection Commissioner
Canal House
Station Road
Portarlington
Co. Laois.

I can be a pedantic git if I want. If the Chief Executive wants to write to me the least I can do is respond. It’s only good manners after all . . .

remind me not to contradict you in a pub quiz. You strike me as a person who doesn’t get mad but gets even… I feel somewhat out-pedanted.

Would it be OK for me to reformat and publish the text of your letter as a standard form document that any visitor to this site might choose to send to the IBTSB?

Just to save people the hassle and all.

Not for any divilment. I swear. Honest.

(I particularly like the fact that you request manual data as well… it may not have registered with the IBTS that since the 27th of October last that that stuff in the filing cabinets they have also fall under the remit of the DPA…)

Mr. Andrew Kelly
Chief Executive
Irish Blood Transfusion Service
National Blood Centre
James’s Street
Dublin 8

Dear Mr. Kelly:
I am writing in response to your letter of February 22nd regarding the theft of a computer on which my personal records were stored.
I have a number of questions to which I require answers. Unfortunately the staff member on the IBTS information line was unable to answer any of the questions.
When I submitted my personal records to the IBTS to facilitate donation of blood products I was not informed that these records could be used for software development and/or testing. Have my records been used for any other purpose other than to facilitate donation of blood products at IBTS clinics?
Why was un-anonymised production data being used for a development/testing activity in contravention to the IBTS’s stated Data Protection policy, Privacy statement and Donor Charter and in breach of section 2 of the Data Protection Act?
Was the use of real data (as opposed to dummy or pseudo data) a requirement of the software development project being undertaken by the NYBC? If not why was real data used? Could this software development project have been completed using anonymous medical data? If not, why not?
Why was the data being transported on a computer laptop? Why was the data not secured onsite at IBTS or NYBC offices?
Who authorized the transfer of the personal records outside of the EU?
Was the transfer of the personal records strictly in compliance with all data protection laws in the Republic of Ireland and the European Economic Area? If yes, was this transfer confirmed to be in compliance before or after the transfer took place?
What file format was used to store the data on the CD-ROM? What file format was used to store the data on the laptop?
What software application was used to encrypt the data?
When the laptop was stolen was the CD-ROM containing the data stolen also?
At the time of the theft was the data stored on both the CD-ROM disc and the laptop?
During the course of the software development work was it necessary to unencrypt the data? If yes was unencrypted data stored in any place (including cache files or memory page files) on the laptop hard-disc?
At the time the laptop was stolen were there any unencrypted records stored on the laptop in any format?
If the laptop at any time contained unencrypted data containing personal records was this data deleted? How was it deleted? Was the data wiped from the hard disk of the laptop or was it moved to a ‘recycle bin’ (assuming the Microsoft Windows Operating System was installed on the laptop)?
Paragraph 3 of your letter is unclear. I would like a full explanation of why data was first encrypted on the CD-ROM, transferred to a laptop and then re-encrypted. Are you suggesting that the data was encrypted twice? Are you stating that at no time was the data unencrypted on the laptop?
Regarding the password used for the encrypted data:
Can the IBTS confirm that the password was not stored in any location on the laptop or in any case/packaging that was stolen with the laptop?
Is the IBTS satisfied that the password used can withstand a ‘brute force’ or ‘dictionary’ based attack?
How many people know the password?
Can the IBTS and/or NYBC confirm that the password was what is commonly known as a ‘strong’ (high-entropy) password that used non-sequential and random ASCII characters not limited to letters and numbers?
Did the password meet the IBTS and NYBC security policies for passwords?
Was the password a system-created random password or was it created by a person in the IBTS or NYBC?
Is the password unique to the data on the CD-ROM and laptop or it is in use for other data/applications/purposes?
What is the IBTS plan to indemnify people whose personal records were stored on the stolen laptop? I am concerned, despite your assurances to the contrary, that in the future this private data could be made publicly available and cause me to suffer financial loss or loss of reputation.
I wish to make an access request under the Data Protection Acts 1988 and 2003 for a copy of any information you keep about me, on computer or in manual form. I am making this request under section 4 of the Data Protection Acts.
Thank you for your assistance. I look forward to hearing from you.

I got a letter myself. Which confused me greatly because I didn’t give blood at all in the latter half of 2007 (no real excuse - just couldn’t prioritise it) and I don’t recall having had any blood tests in the latter half of 2007… I tend to be a fairly healthy bunny.

So, assuming that I’m right and my donation records shouldn’t have been updated during the period that the IBTSB says they took the data from…

… WHAT THE F**K WAS DATA ABOUT ME DOING IN NYC?

I share your anger. I suggest that you annoy the hell out of them by formally requesting a copy of all data they hold about you. Will only cost about €6.00 and they must respond within 40 days with data in an intelligble format.

That’s what I’ll be doing.

Right now I’m extremely angry. I cannot believe the crass stupidity and complete disregard for my privacy.

The IBTS came back later in the programme with a incomprehensible explanation in a follow up statement. They weren’t questioned on it.

I now can’t find that explanation to reproduce it on the Drivetime website.