Following identification by it of an unauthorised electronic release of information in August 2012, NAMA implemented further systems enhancements. I am satisfied with NAMA's procedures to prevent data breaches, however as the Deputy would be aware that no system or control can provide absolute assurance in cases of an individual determined to break the law.
I am advised that NAMA operates best-in-class data loss/leak prevention systems across email, applications and network drives. The systems in place are designed to detect potential data breaches/data ex-filtration transmission and to prevent such breaches by monitoring, detecting and blocking sensitive data while in use, in motion and in storage. Systems in place include restricted access to applications on network drives, restrictions on copying data to external media, restrictions on email transmissions to non-corporate addresses, and restrictions on the type and size of attachments that can be transmitted. There are audit trails of all access on NAMA s applications. A formal quarterly review of access to NAMA systems is carried out. This in addition to the on-going monitoring, review and, where relevant, updating and regular auditing of systems.
