Dáil Éireann Debate, Tuesday - 17 October 2023
115. Deputy Peadar Tóibín asked the Tánaiste and Minister for Defence further to Parliamentary Question No. 161 of 3 October 2023, if he will provide detail on the nature of the data breaches suffered by his Department; the severity of the breaches; if all individuals whose information was compromised were notified of the breach; if the Data Protection Commission was notified of all data breaches; and if he will make a statement on the matter. [45331/23]
View answerThe majority of data breach incidents that have occurred in my Department since 2018 have related to mis-addressed correspondence by email and post. In most instances, data breaches have involved no risk or a low risk to the data subject. In cases where there was a low risk to the rights and freedoms of a data subject, the Data Protection Commission was notified. A singular case arising in the above similar circumstances, but deemed to be a high risk to the rights and freedoms of an individual data subject, was notified to the data subject and the Data Protection Commission, in line with GDPR requirements.
My Department takes its data protection responsibilities very seriously and makes every effort to ensure that personal data is safeguarded at all times. Technical and organisational measures, as required under GDPR, are implemented to ensure the security and privacy of personal data being processed. Data security and data privacy are central topics of all data protection awareness campaigns rolled out to staff on a regular basis. Also, my Department has a data breach protocol in place for the management of data breach incidents.
