Dáil Éireann Debate, Tuesday - 17 October 2023
287. Deputy Peadar Tóibín asked the Minister for Education further to Parliamentary Question No. 311 of 3 October 2023, if she will provide detail on the nature of the data breaches suffered by her Department; the severity of the breaches; if all individuals whose information was compromised were notified of the breach; if the Data Protection Commission was notified of all data breaches; and if she will make a statement on the matter. [45332/23]
Amharc ar fhreagraAs the Deputy will be aware, the General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and any personal data breaches since its introduction are dealt with under the Regulation and the Data Protection Act 2018.
Article 4 of the GDPR defines a data breach as “‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.
The majority of data breaches that occurred in my Department since 2018 are classified as unauthorised disclosure of personal data, while the balance involved the loss of personal data. Of the breaches that occurred in my Department since May 2018, 11% are classified as medium risk, 65% as low risk, and 24% as no risk.
Data breaches which occurred in my Department were reported to the Data Protection Commission and/or the affected data subjects in line with the requirements of the legislation.
