Department of Finance feared publishing even anonymous list of ministerial pensions amid concerns over data breach

THE Department of Finance was worried it couldn’t even publish an anonymised list of pensions for former ministers and officeholders because it would be too easy to identify them.

Each year, the Department had printed a list of former taoisigh, ministers, presidents, along with other ex-officeholders and how much they received in their annual pension.

However, the 2017 list was never published due to concerns over data protection and that even an anonymous list could create a breach.

Internal emails reveal how concerns were first raised early in the summer after their ongoing publication was raised at a GDPR meeting.

The pension details always “attract great media interest”, one email said.

“At a recent GDPR course it was suggested that we shouldn’t actually be doing this as we would be releasing the name and gross amount paid and in breach of GDPR,” wrote an official.

Consideration was given to whether some other form of publishing, either anonymously or in aggregate for groups like former Taoisigh, ministers, presidents, or other officeholders.

In a later email, the Department of Finance data protection officer Colm O’Neill said: “Appreciate if we could have a chat about this publication given that it identifies individuals – I’m not aware of any legal basis for processing this personal data.

“Even if the names of the individuals were anonymised, it wouldn’t be that difficult to identify the former office holders if compared with last year’s publication.”

Mr O’Neill said that the Department of Finance were not even the controller of the pension data and were taking it from their sister department the Department of Public Expenditure.

Discussion between officials also raised the possibility that figures for previous years – which remain on the department website – might have to be deleted too.

In one email, an official said: “My initial view would be that unless someone can identify a lawful basis to publish the data, it shouldn’t be published and anything up already should be removed.”

In later correspondence, the Department said that the introduction of GDPR [the General Data Protection Regulations] in May had changed things dramatically.

“What applied before 25 May and what applies now are two very different things,” said an email.

As the deadline for publishing the Department’s Finance Accounts for 2017 approached in late July, the Department were still unsure what to do about the pension figures.

However, on July 27, it was confirmed that the figures – which had been available online dating back to 2009 – would not be made public.

An email said the information constituted “personal data” and that the ex-politicians and officeholders involved should not be made identifiable in this way.

A message from Helen Codd, the data protection officer of the Department of Public Expenditure, said their legal advice was that publication had to be halted.

“I … would appreciate if the practice of issuing this material with the Finance Accounts as a matter of routine ceases with immediate effect,” she wrote.

The email explained that if the material was subsequently sought under FOI, it would be dealt with “appropriately at that time”.

In a statement, the Department of Public Expenditure said: “Due to the implementation of the General Data Protection Regulations it is our view that the data referenced … [can] no longer be published.”

The Department of Finance said the pension figures were not held by them and it was not for them to release.