My Department, because of the nature of its work, holds extensive and detailed personal information about our customers. It takes its obligations to its customers under the Data Protection Acts 1988 and 2003 very seriously and takes the strongest line in relation to the misuse of customer information. Any breach of trust by staff with regard to the confidentiality of information is treated as serious misconduct under the Civil Service Disciplinary Code.
Since 2008, two data breach incidents have been brought to the attention of the Data Protection Commissioner's Office. One case involved the theft of laptop computer from an office used by staff from the Office of the Comptroller and Auditor General. This contained records of some 380,000 DSP customers. The second case led to recent court action taken by the Data Protection Commissioner against three insurance companies and is currently the subject of a continuing Garda investigation.
Over the last number of years the Department has strengthened security and data protection protocols. The security of systems and processes is regularly reviewed and there is password protection on all accounts. A dedicated unit has been established to oversee business information protection across the Department and has developed and communicated policies and procedures covering the use of systems and data. Staff are regularly reminded of their obligations under data protection and security policies and the penalties applied to such misuse.