I propose to take Questions Nos. 1283 and 1355 together.
This Department provides an office in Oisín House, Pearse Street, Dublin 2 for exclusive use by officials of the Comptroller and Auditor General. On 12 April 2007, an officer of the Comptroller and Auditor General (C&AG) reported, to the Department's Facilities Management Unit, that a laptop computer had gone missing from the room. A search of the building and a review of CCTV footage did not provide any further information. The loss of the laptop was reported to the C&AG Head Office and the Garda.
On 1 August, 2008, some 16 months after the laptop went missing, the Office of the C&AG informed the Department that the missing laptop contained a number of files used in connection with the audit of the Social Insurance Fund for 2004 and 2005. These files contained some 380,000 individual personal customer records.
The information had been provided by the Department to the Office of the C&AG on foot of authorised requests from that Office in line with established protocols. These officials were provided with access to the file on the Department's internal ICT network where the data was stored in an encoded format. They subsequently transferred the data to the laptop in question. While the laptop was password-protected, the data was not encrypted. The Department has been engaged in a programme of continuous development and deployment of measures to enhance data security. Since this incident came to light, the Department has further reviewed and enhanced its protocols in relation to the transfer of data to third parties, including the Office of the C&AG. All bulk data is now transferred in an encrypted format, in accordance with the Department's ‘External Party Electronic Data Transfer Policy'.