Data Protection

The Department takes its responsibilities in relation to data protection and internal control very seriously. Every effort is made to ensure that personal customer data is used solely for business purposes and that it is not compromised in any way. Records of data accesses are kept and are subject to audits. All cases of suspected data breaches are investigated. The Department has data protection and information security policies, standards, procedures and guidelines in place governing the use of its computer systems and customer data. These are communicated on an ongoing basis to our staff and high standards are expected in relation to the handling and processing of personal client information. The policies, procedures and guidelines are kept under constant review and are updated as appropriate. Staff members are regularly reminded of their obligations under data protection and information security policies and of the penalties applicable in respect of any breach of these policies. Data protection obligations are also covered on induction programmes for new staff members and on management development programmes and in presentations given by the Department’s Business Information and Internal Control Support Units.

The Department treats all data breaches seriously, including reports from its own staff, and where appropriate data breaches are reported to the Office of the Data Protection Commissioner.

Where instances or reports of illegal sharing of information with third parties by staff have come to light they have been thoroughly investigated and, where appropriate, sanctions have been applied. These include disciplinary sanctions such as loss of increment, loss of entitlement to enter promotional competitions and dismissal.