Dáil Éireann Debate, Wednesday - 24 September 2008
1283 Deputy Richard Bruton asked the Minister for Social and Family Affairs the circumstances that led to the loss of files containing sensitive personal information regarding social welfare recipients; the protocols that were in place governing the handling of such data; the way it came about that these protocols did not protect against this incident; and if she will make a statement on the matter. [29679/08]
View answer1355 Deputy Leo Varadkar asked the Minister for Social and Family Affairs the reason in respect of the laptop stolen from the office of the Comptroller and Auditor General containing information provided by her Department, such information was required by the Comptroller and Auditor General’s office; the measures which her Department had put in place to ensure that information provided to other Government bodies and agencies was adequately protected; if those measures have subsequently been modified or changed; the date her Department was made aware of the robbery of this laptop; and if she will make a statement on the matter. [31238/08]
View answerI propose to take Questions Nos. 1283 and 1355 together.
This Department provides an office in Oisín House, Pearse Street, Dublin 2 for exclusive use by officials of the Comptroller and Auditor General. On 12 April 2007, an officer of the Comptroller and Auditor General (C&AG) reported, to the Department's Facilities Management Unit, that a laptop computer had gone missing from the room. A search of the building and a review of CCTV footage did not provide any further information. The loss of the laptop was reported to the C&AG Head Office and the Garda.
On 1 August, 2008, some 16 months after the laptop went missing, the Office of the C&AG informed the Department that the missing laptop contained a number of files used in connection with the audit of the Social Insurance Fund for 2004 and 2005. These files contained some 380,000 individual personal customer records.
The information had been provided by the Department to the Office of the C&AG on foot of authorised requests from that Office in line with established protocols. These officials were provided with access to the file on the Department's internal ICT network where the data was stored in an encoded format. They subsequently transferred the data to the laptop in question. While the laptop was password-protected, the data was not encrypted. The Department has been engaged in a programme of continuous development and deployment of measures to enhance data security. Since this incident came to light, the Department has further reviewed and enhanced its protocols in relation to the transfer of data to third parties, including the Office of the C&AG. All bulk data is now transferred in an encrypted format, in accordance with the Department's ‘External Party Electronic Data Transfer Policy'.
