'Drastic action' for companies that retain copies of identity cards

Data Protection Commissioner Saviour Cachia warned he would take drastic action against companies who keep copies of people's ID cards. 

"While companies are allowed to keep records of ID numbers for audit purposes, keeping copies of physical ID cards is an absolute no-go and must stop at all costs," Cachia said.

The Commissioner was addressing a conference of data protection officers working in the public sector at the Le Meridien hotel on occasion of EU Data Protection Day.

Listing complaints recently filed to his office, Cachia said that he had been informed that a particular government entity was using documents containing personal details as rough paper. Another incident involved the “unauthorized disclosure of details in personal files”.

“These are serious problems and I ensure you that the respective departments were admonished seriously,” he said.

Another complaint was the unauthorized disclosure of details in personal files and the misuse of information by data processors. 

"In the particular complaint I received, the data controller said that the data processor was at fault. However the law is clear - the data controller is responsible for the use of data by a processor and a fine will be issued."

Cachia also warned of "silly mistakes" such as personal correspondence arriving at the wrong address, as well as application forms getting lost.

The conference was also addressed by civil liberties minister Helena Dalli, who claimed that “the fundamental right to privacy is of the essence” for the government.

She announced that she will soon appoint a working group, intended to transpose legislation from the soon-to-be adopted EU General Data Protection regulation, that will oblige all government entities to employ their own personal data protection officer.