Dáil Éireann Debate, Thursday - 18 December 2014
64. Deputy Willie O'Dea asked the Tánaiste and Minister for Social Protection the number of data protection breaches that were reported in her Department this year; the action that has been taken to address these breaches; and if she will make a statement on the matter. [49369/14]
View answerIn 2014 there have been a total of 24 confirmed data breaches. A further 13 cases reported are still under investigation to establish if a breach occurred.
Suspected data breaches identified by the Department’s own auditing and monitoring systems, or brought to the Department’s attention by third parties, are thoroughly investigated and appropriate action is taken. The majority of confirmed breaches are due to genuine error, such as inadvertently addressing communications to the wrong person. In all cases processes and procedures are examined to prevent re-occurrence and an apology is sent to the clients concerned. The clients are also informed of their right to contact the Office of the Data Protection Commissioner.
In some cases where a data protection breach has been substantiated and the breach occurred because of certain actions of a staff member, appropriate sanctions are applied in accordance with the Civil Service Disciplinary Code. Sanctions applied reflect the severity of the breach and can include dismissal, financial penalties such as the loss of increments, removal of access to the Department’s systems and loss of entitlement to enter promotional competitions.
The Department takes its responsibilities in relation to data protection very seriously. Every effort is made to ensure that personal customer data is used solely for business purposes and that it is not compromised in any way.
The Department has data protection and information security policies, standards, procedures and guidelines in place governing the use of its computer systems and customer data. These are kept under constant review and updated as appropriate.
Staff members are regularly reminded of their obligations in accordance with these policies and of the penalties applicable in respect of any breach of them. All staff members are required to sign undertakings every year to the effect that they have read, and will act in accordance with, data protection policies and guidelines.
Data protection obligations are also covered on induction programmes for new staff members, on management development programmes and in presentations given by the Department’s Business Information Security Unit.
