DPA - Crimes
Data processor knowingly disclosing personal information without consent of data controller.
Any person disclosing personal data to a third party without consent of the data controller.
“a data subject whose data has been attacked or copied by a hacker [may] take a civil action against the data controller. There is clearly a premium, therefore, on each data controller taking all reasonable care in relation to personal data (s)he holds.”
Notes:
Exception: agent/employee of controller or processor
Covers intrusion by a cracker. Doesn’t cover employee misconduct. They could sell secrets.
Greg Heylin, Irish Times, May 11, 1997. Spokesperson for the Office of the Data Protection Commissioner.