Data Protection Commissioner Billy Hawkes said new rules on data retention and rights of access . . . agreed in consultation with the Gardai and insurance industry . . . are the first of several sector specific initiatives his office will aim to implement by the end of the year.

"By the end of 2007 we're determined to lay down the dos and don'ts of sharing personal information. . . we want to reduce Data Protection Act principles for certain industries and the Gardai, " said Hawkes.

Next year the commissioner's focus will be on the health sector, while the newly established Private Security Authority is expected to asses data rules amongst private investigators, many of whom work for the insurance industry.

Speaking at the Info Ireland conference in Dublin last week, Commissioner Hawkes said the 2003 Data Protection Act will apply to all manual records next month and urged businesses to assess the necessity of retaining out-of-date or irrelevant documentation.

"There's a trigger point in that everyone runs out of space eventually and unless you have a very good reason for hanging onto this info, you have a good reason to get rid of it, " he said. Hawkes added that many data requests received by businesses and other organisations are from individuals with a grievance or intent on causing nuisance, and pointed out that forcing buiness to trawl through paper records as part of data request can be an unneccessary waste of time.

Currently any data breach in terms of privacy does not have to be made public by the organisation affected, and Hawkes said European Commission proposals to bring data breach disclosure rules in line with the US where all incidents must be reported, are currently under discussion.

"Failure to provide adequate security is not only against the law, it's also a breach of trust with customers. Data security will therefore be an important focus of my office's audit programme over the coming years, " he said.