Further to my previous response to Parliamentary Question No. 345 of 3 October 2023, the additional information requested by the Deputy is set out in the table below.
As previously stated, I am advised that the majority of breaches were deemed to be of zero or low risk, and were therefore not required to be notified to the affected data subjects or the Data Protection Commission in accordance with the Data Protection Commission Guidance on Breach Notifications, which is available at the link below.
www.dataprotection.ie/sites/default/files/uploads/2019-08/190812%20GDPR%20Breach%20Notification%20Quick%20Guide.pdf.
There was one data breach which was deemed by my Department to meet the threshold for notification to the data subjects and referral to the Data Protection Commission. The notifications for that breach were carried out promptly and the case was resolved quickly to the satisfaction of the data subjects and the Data Protection Commission.
Year
|
Detail on nature of breaches
|
Severity of Breach
|
Have individuals been notified?
|
Was Breach reported to the Data Protection Commission?
|
2023
|
Premature release of board appointees to incoming Chairperson of Údarás na Gaeltachta, which is now in public domain
|
Zero risk
|
N/A
|
N/A
|
|
Inadvertent release of personal data relating to 17 households, to each of those households.
|
Medium risk
|
Yes
|
Yes
|
|
Supplier and staff data sent in error to individual in the Government's National Shared Service Office (NSSO).
|
Low risk
|
N/A
|
N/A
|
|
Interview board schedule issued to incorrect interview board
|
Low risk
|
N/A
|
N/A
|
2022
|
Stolen laptop, which was encrypted
|
Zero risk
|
N/A
|
N/A
|
|
Unintended release of a copy of a letter to incorrect recipient.
|
Low risk
|
N/A
|
N/A
|
|
Disclosure of email addresses by using CC rather than BCC function, the majority of which were in public domain.
|
Low risk
|
N/A
|
N/A
|
|
One staff member’s work email inbox was inadvertently migrated into another for a short period
|
Zero risk
|
Yes
|
N/A
|
|
Stolen laptop, which was encrypted
|
Zero risk
|
N/A
|
N/A
|
|
A third party’s tax details issued to another third party in error.
|
Zero risk
|
N/A
|
N/A
|
|
External supplier’s details forwarded to another supplier in error.
|
Zero risk
|
N/A
|
N/A
|
|
Email intended for a grant applicant of Live Performance Restart Grant Scheme issued to a different applicant in error.
|
Zero risk
|
Yes
|
N/A
|
|
Officer inadvertently made his own personal data available to other team-members.
|
Low risk
|
N/A
|
N/A
|
2021
|
Disclosure of email addresses of applicants in recruitment competition to other applicants
|
Low risk
|
Yes
|
N/A
|
|
Inadvertent release of personal data of one member of the public to another.
|
Low risk
|
N/A
|
N/A
|
|
Personal details of grantees of Live Performance Scheme issued to two other grantees in error.
|
Low risk
|
Yes
|
N/A
|
|
Inadvertent sharing of staff maternity information with incorrect staff member
|
Zero risk
|
N/A
|
N/A
|
|
List of participants' roles and budgets issued to incorrect project in error.
|
Zero risk
|
N/A
|
N/A
|