Version status: In force | Document consolidation status: Updated to reflect all known changes
Version date: 25 May 2018 - onwards
  Version 2 of 2    

144. Unauthorised disclosure by processor

(1) Personal data processed by a processor shall not be disclosed by the processor or by an employee or agent of the processor, without the prior authority of the controller on behalf of whom the data are processed.

(2) A person who knowingly or recklessly contravenes subsection (1) shall be guilty of an offence and shall be liable -

(a) on summary conviction, to a class A fine or imprisonment for a term not exceeding 12 months or both, or

(b) on conviction on indictment, to a fine not exceeding €50,000 or imprisonment for a term not exceeding 5 years or both.

(3) Subsection (1) does not apply to a person who shows that the disclosing concerned was required or authorised by or under any enactment, rule of law or order of a court.