Irish genealogy website leaks personal data
25 July 2014
The Irish government's genealogy website has been partially shut-down after it became clear sensitive personal data was being exposed.
Irish Genealogy offered people the ability to research their heritage using civil records, including birth and marriage certificates. The search facility, launched on 3 July, was forced to close just a few weeks later when it became clear that children names, birthdates and mother's maiden names - information typically used in password confirmation - was available online.
That information has always been publicly available, but each search previously required a fee. In addition to breach-of-privacy, free online searches offered the potential for identity theft by matching records from other sources. It was also quite likely in breach of Irish employment law, which protects employees' privacy rights.
Data Protection Commissioner Billy Hawkes said the situation was "a cock-up".
"We had been consulted on it in the context of putting on the registers which were over 100 years old – that would be fine. But this was a total shock to us" Mr Hawkes told the Irish Times. He expressed concern that "from the identity theft point of view", details such as mothers’ maiden names and dates of birth were on the site "for all to see".
Big Data in Web design is clearly a desirable thing. But it requires careful planning and monitoring in order to avoid the compromise of individuals' right to privacy.