Data Protection

It is not clear whether the Deputy is referring to cyber security breaches or more generally to personal data breaches under the GDPR, which would include the inadvertent disclosure of personal data to third parties. 

Since 2018 there have been no cyber security breaches of ICT systems directly controlled and managed by my Department. In that period, there was one incident where an externally hosted static website associated with the work of my Department was compromised. The website in question is not hosted by my Department and there was no risk to the Department's ICT infrastructure arising from this breach.  The matter was fully resolved in accordance with good cyber security practice.

Since the introduction of the GDPR on 25th May 2018 to date, 12 personal data breaches have occurred in my Department and 43 personal data breaches have occurred in the Offices* under its aegis.  The nature of all of these personal data breaches has involved the accidental disclosure of personal data to third parties as a result of administrative or human error.

The decision to report personal data breaches to the Data Protection Commission is a matter for our Data Protection Officer, who is an independent appointed officer, following a full risk analysis of the details pertaining to each personal data breach case. As a result of the mitigation actions that were put in place to protect the privacy rights and freedoms of the affected individuals, the Data Protection Commission were satisfied that no further action was required.

Since 2020, the number of personal data breaches that have occurred in my Department and in the Offices under its aegis has been reduced by more than 50% compared to 2019, as a result of targeted breach prevention training for staff that has been delivered by our Data Protection Officer and the enhancement of administrative protocols in business areas with high levels of personal data processing.  

*The Offices under the aegis of my Department include the Workplace Relations Commission; the Labour Court; the Companies Registration Office incorporating the Registry of Friendly Societies and the Register of Beneficial Ownership; the Intellectual Property Office of Ireland; and the Office of the Director of Corporate Enforcement.