NAMA Staff Unauthorised Disclosures

I propose to take Questions Nos. 64 and 65 together.

I am advised that, in September 2012, after reporting its concerns about alleged unauthorised data disclosure to An Garda Síochána, NAMA launched a major review conducted by Deloitte of data security and of data access within the Agency and of data transmission to external parties which had a business need to receive data from it. While the Deloitte review found that the security processes in place in NAMA (which were derived from those of the NTMA) were very robust, a number of additional measures were proposed and adopted in order to reduce further the scope for unauthorised transmission of data to external parties.

I am advised that NAMA employs a wide range of measures to prevent unauthorised disclosure of confidential data. These include practical measures such as the deployment of email monitoring technology to prevent email attachments from being forwarded to personal and non-corporate email accounts. IT controls also ensure that data cannot be saved from the NTMA network onto external storage devices, such as USB keys and compact discs. I am advised, however, that no organisation, short of installing system and process restrictions which would seriously compromise its ability to conduct its day to day business effectively, can absolutely protect itself against data theft.  However, the standards employed by NAMA are to the highest professional available and implemented elsewhere.