Data Protection

I propose to take Questions Nos. 93 and 95 together.

As one of the largest data controllers in the State, the Department is committed to protecting the rights and privacy of individuals in accordance with the Data Protection Acts 1988 and 2003 and takes its responsibilities in relation to data protection very seriously.

Every effort is made to ensure that personal customer data is used solely for business purposes and that it is not compromised in any way. Records of data accesses are kept and are subject to audit. In the rare instance where reports of illegal sharing of information with third parties by a member of staff have been substantiated, sanctions up to and including dismissal have been applied.

The Department assists An Garda Siochana and/or the Office of the Data Protection Commissioner in their investigations and puts substantial resources in place to deal with these.

The Department has an extensive suite of data protection and information security policies, standards, procedures and guidelines in place governing the use of its computer systems and customer data. Staff members are regularly reminded of their obligations under data protection and information security policies and of the penalties applicable in respect of any breach of these policies. All staff members, every year, must sign undertakings to read and act in accordance with data protection policies and guidelines, which are kept under constant review and are updated as appropriate. Data protection obligations are also covered on training programmes for new and existing staff members.