I propose to take Questions Nos. 87 and 193 to 202, inclusive, together.
As I stated in my response to Parliamentary Question 62 of 8 May 2012, the specifics of that matter relate to a position taken by a NAMA debtor in attempting to defend judgment proceedings taken by NAMA against him. I do not propose to comment as this relates to a matter which is within the jurisdiction of the Courts.
NAMA has legal obligations in respect of confidentiality of information under the NAMA Act 2009 and under other legislation including the Data Protection Acts. I am advised by NAMA that, in any case where there is any concern that there may have been a possible data breach, the matter is investigated in compliance with the Data Protection Commissioner’s Personal Data Security Breach Code of Practice and, where required by the Code, notified to the Data Protection Commissioner. Matters referred to the Office of the Data Protection Commissioner are dealt with by that Office in accordance with its statutory remit.
I am assured by NAMA that it regards any data breach with the utmost seriousness and that it assiduously implements any actions required by the Commissioner’s Code of Practice, or recommended to it by the Commissioner in response to breach notifications, to safeguard against possible future breaches. NAMA’s primary concern is to meet its obligations under the Data Protection Acts 1988 and 2003 to process personal data in compliance with those Acts, including taking appropriate measures to protect the security of such data. As there is a well-established statutory framework in place to deal with unauthorised data disclosures, I consider that such disclosures are best managed by the Commissioner and by NAMA within that framework.