BAILII is celebrating 24 years of free online access to the law! Would you consider making a contribution?
No donation is too small. If every visitor before 31 December gives just £1, it will have a significant impact on BAILII's ability to continue providing free access to the law.
Thank you very much for your support!
 |
[Home] [Databases] [World Law] [Multidatabase Search] [Help] [Feedback] | |
Irish Data Protection Commission Case Studies |
||
|
You are here: BAILII >> Databases >> Irish Data Protection Commission Case Studies >> Case study 8: Veterinary practice discloses dog owner's personal data [2011] IEDPC 8 (2011) URL: http://www.bailii.org/ie/cases/IEDPC/2011/[2011]IEDPC8.html Cite as: [2011] IEDPC 8 |
||
[New search] [Help]
In October 2010 I received a complaint from an individual who alleged that a veterinary practice had disclosed her personal information, i.e. her name and address details, to a third party, namely the original owner of a stray dog that she was now in possession of. In her complaint she explained that when the dog was found its original owner had been contacted using the information logged in connection with its identity microchip and that he had indicated that he did not want the dog returned. Following this, she said that the microchip and ownership details of the dog transferred to her. She indicated that all of these matters were conducted by her local vet (who was not the subject of this complaint). The complainant stated that she subsequently received a letter addressed to her at her home address from the dog's original owner. This letter included a request by the previous owner to meet with her and the dog and it enclosed records of the dog's medical history as compiled by the previous veterinary practice which the dog had attended. The complainant alleged that the previous veterinary practice had breached her data protection rights by disclosing her name and address to the original owner of the dog.
This matter was investigated with the veterinary practice complained of and we sought an explanation for the alleged disclosure of personal data. The veterinary practice acknowledged that it had searched for the new owner's contact details and had given them to the previous owner. This arose when the previous owner told the practice that he had re-homed the dog, that he wanted to check to see if the new owner had re-registered the microchip in their own name and to ensure that it was no longer registered in his name. The veterinary practice took this to be a reasonable request and it accepted its bona fides. On being notified of our investigation, the veterinary practice realised that the original owner had misrepresented the purpose of his request for information. The new owner's details were not held on the database of the veterinary practice concerned as she was not their client. Instead, the veterinary practice carried out a search using the dog's microchip number on the website www.fido.ie - which is a database of microchipped pets to which veterinary surgeons have access. Having found on the website that the dog's microchip was no longer registered to the previous owner, the veterinary practice informed the previous owner
accordingly and, in that context, it also disclosed the name and address of the new owner.
The veterinary practice said that it was sorry if its actions had created a situation which caused upset to the complainant and stated that it would not have happened had it been advised truthfully of the situation. It stated that as a result of this complaint all staff at the practice are now thoroughly aware of the need for protection of personal data.
This complaint demonstrates the need for data controllers to be aware of their data protection responsibilities, regardless of the situation presented to them. This disclosure of personal data could have been avoided had the veterinary practice simply informed its client that the dog's microchip was no longer registered in his name. There was no justification in this instance for the disclosure of the new owner's name and address details. Data controllers must exercise great caution where they receive requests for personal data of individuals that they are able to access, irrespective of the credibility of the case presented to them by the requester. Having said that we are entirely satisfied that the veterinary practice acted in good faith based on the information provided to it by the dog's previous owner. Equally there was no suggestion during the investigation of the complaint that the dog's previous owner was seeking to act in any untoward manner in relation to the dog's new owner or the dog but rather was simply seeking to arrange contact with his former pet.
