Dáil Éireann Debate, Wednesday - 18 May 2016
60. Deputy Marc MacSharry asked the Minister for Finance when information on leaks or suspected leaks from the National Asset Management Agency were first brought to his attention; the steps he has taken in relation to same; and if he will make a statement on the matter. [10929/16]
View answerEmployees assigned by the NTMA to NAMA are bound by a number of statutory obligations in respect of the confidentiality of information to which they have access by virtue of their employment by NAMA. These include obligations imposed under Section 14(1) of the National Treasury Management Agency Act 1990 and under Section 202 of the NAMA Act 2009. Staff assigned to NAMA are also subject to the provisions of the Official Secrets Act 1963. Contravention of these statutory obligations constitutes criminal offences and, under Section 7 of the NAMA Act, a person who commits such offences may be liable to a substantial fine or term of imprisonment or both.
Under Section 19 of the Criminal Justice Act 2011, any party with evidence of criminal wrongdoing is legally obliged to bring such evidence to the attention of An Garda Siochána.
In September 2012, evidence emerged that confidential NAMA data may have been unlawfully disclosed by a former NAMA Officer. NAMA informed the Gardaí and the Data Protection Commissioner of their concerns and the matter was brought to my attention at the time. Last week, the former Officer was found guilty by the Dublin Circuit Criminal Court of the unlawful disclosure of confidential NAMA information. The case follows an extensive investigation of the matter by the Garda Bureau of Fraud Investigation (GBFI) since Autumn 2012.
In September 2012, NAMA launched a major review of data security and of data access within the Agency and of data transmission to external parties which had a business need to receive data from it. The review found that the security processes in place in NAMA (which were derived from those of the NTMA) were very robust, a number of additional measures were proposed and adopted in order to reduce further the scope for unauthorised transmission of data to external parties.
I am advised that NAMA employs a wide range of measures to prevent unauthorised disclosure of confidential data. These include practical measures such as the deployment of email monitoring technology to prevent email attachments from being forwarded to personal and non-corporate email accounts. IT controls also ensure that data cannot be saved from the NTMA network onto external storage devices, such as USB keys and compact discs. I am advised, however, that no organisation, short of installing system and process restrictions which would seriously compromise its ability to conduct its day to day business effectively, can absolutely protect itself against data theft. In the case of the unlawful disclosure of confidential NAMA information which was the subject of the recent prosecution in the Dublin Circuit Criminal Court, it was noted that despite NAMA's robust data security infrastructure the ex-employee, who was subject of the case, acted in a determined fashion to circumvent the security measures in place by distributing the information through his spouse who at that time was employed by a firm engaged in providing services to NAMA.
