Private investigator fined €5,000 for accessing Garda data

Judge finds Michael Gaynor ‘evasive’ and ‘unconvincing’ in evidence

Private investigator Michael J Gaynor of Beatty Grove, Celbridge, Co Kildare pictured  in July after he appeared before the Dublin District Court on charges of breaking data protection legislation. Photograph: Collins Courts
Private investigator Michael J Gaynor of Beatty Grove, Celbridge, Co Kildare pictured in July after he appeared before the Dublin District Court on charges of breaking data protection legislation. Photograph: Collins Courts

A private investigator has been convicted on two charges of illegally obtaining information from the Garda Pulse system and fined a total of €5,000.

Michael J Gaynor, trading as MJG Investigations, Beatty Grove, Celbridge, Co Kildare, was before Dublin District Court facing a prosecution by the Data Protection Commissioner.

Mr Gaynor (62), a former garda, faced three charges of illegally accessing personal information held by An Garda Síochána and of disclosing it without authority, under the provisions of section 22 (1) of the Data Protection Acts 1988 and 2003.

He was convicted on two of those charges and fined €2,500 for each offence.

READ SOME MORE

Some 72 criminal charges in total against Mr Gaynor related to alleged breaches of data protection legislation, including illegally accessing and disclosing personal information on individuals held by An Garda Síochána and the ESB.

A total of 69 were taken into consideration in sentencing.

Remy Farrell SC for the Data Protection Commissioner told the court Mr Gaynor had provided tracing reports to three credit unions - in Balbriggan, Lucan and Citybus Credit Union - on individuals they hoped to take action against for non-payment of debts.

He had allegedly obtained the information from Detective Garda Paul Cullen, a member of the Garda National Immigration Bureau, who had “little cause to be accessing information” on the three individuals concerned between May and October of last year.

The court heard that three tracing reports provided to credit unions contained information such as names, addresses, vehicle registration details and, in the case of one of the individuals, information on a drink-driving conviction.

In the case of each of the three reports, information in them coincided with information accessed on Garda systems a few days earlier by Det Garda Cullen.

Assistant data protection commissioner Tony Delaney told the court when he conducted an interview with Det Garda Cullen at the GNIB headquarters on March 18th 2014 using his powers under the Data Protection Acts, the garda had admitted accessing all the records on the individuals concerned.

After questioning Det Garda Cullen, who was giving evidence for the prosecution, for several minutes, Mr Farrell made an application to have him treated as a hostile witness and this application was granted.

Under questioning, the detective contended Mr Gaynor, with whom had served as a garda for about 20 years, was in fact an “informal informant” who would telephone him from time to time with information about individuals who may be “of interest” to An Garda Síochána.

He said he may have “inadvertently” disclosed information to Mr Gaynor after the private detective contacted him in this context, but that he never provided information directly from the screen in front of him when logged into either the Pulse or GNIB databases.

Mr Cullen said that when Mr Gaynor had given him a name, an address or a car number, he would immediately check them on one of the systems available to him.

“He was offering me information,” the garda said.

He said he did not confirm any information to the private detective other than to tell him it was “not of interest to the gardaí”.

Giving evidence, Mr Gaynor denied obtaining information from Det Garda Cullen and said he had obtained information on the individuals concerned by speaking to other individuals, including neighbours in the case of one of them.

In the case of an individual referred to as LO, Mr Gaynor said he had gained information, including the fact that the person had a previous conviction, from speaking to the person’s former partner.

He denied accessing any information stored on Pulse.

In the case of one of the three individuals in the tracing reports, Mr Gaynor said he believed the individual might have been “misleading” the authorities about his nationality and that he believed this might be of interest to gardaí, which is why he called Det Garda Cullen. In the case of one of the other individuals, he believed the person might be involved in criminalityand that this might be of interest to gardaí.

Mr Farrell said it was an “unfortunate coincidence” that there was no mention made in any of the three tracing reports for the credit unions of his contacts with An Garda Síochána.

He suggested to Mr Gaynor that the reason for this was that he “knew full well it was untoward”.

Mr Gaynor said that was incorrect.

Judge John O’Neill said that in his view Mr Gaynor had not given convincing evidence of why he was contacting a serving garda. He said the witness had been “evasive” and “unconvincing” in his responses.

Judge O’Neill also said he did not find Det Garda Cullen “a credible witness in any way”.

Assistant data protection commissioner Tony Delaney told the court he first came across Mr Gaynor’s name while carrying out an audit at St Mary’s Parish credit union in Limerick on August 15th last year.

While there, he came across tracing reports (used to track down people who owed money to the credit union) bearing Mr Gaynor’s name. He had asked where the credit union had heard of Mr Gaynor and was told it had been from Balbriggan credit union.

A few weeks later, Mr Delaney was in Ashbourne credit union and found other tracing reports by Mr Gaynor. They contained a “huge amount” of information he would not expect to be in a tracing report, including ESB account information. He was very concerned by this.

Mr Delaney also found information on people’s family members and tenants, as well as details of the bill payments.

He established that Mr Gaynor had obtained information by subterfuge from an ESB official he used to deal with when he was a serving garda, but had failed to disabuse the person in question that he was no longer a garda.

The court heard Mr Cullen had faced internal disciplinary action within the Garda as a result of the matters.

In a statement, the Office of the Data Protection Commissioner said its own investigation found “no evidence that any credit union had carried out any due diligence prior to hiring the services of Mr Gaynor”.

“This was a serious deficiency.”

“For the future, credit unions across the State will be expected to undertake appropriate due diligence in advance of passing on any member’s details to private investigators or tracing agents.”

Mr Delaney said he was “very satisfied” with the outcome of the trial.

“In particular, serving gardaí should note from this trial that if they access any Garda database for unofficial purposes they may find themselves explaining their actions in a witness box as well as facing formal interview by authorised officers of the Data Protection Commissioner.”

Mr Delaney said the soliciting of personal data unlawfully from State or other databases by tracing agents was a “serious matter” and that his office would “bring offenders without exception to justice”.