Léim ar aghaidh chuig an bpríomhábhar
Gnáthamharc

Data Protection

Dáil Éireann Debate, Tuesday - 17 October 2023

Tuesday, 17 October 2023

Ceisteanna (297)

Peadar Tóibín

Ceist:

297. Deputy Peadar Tóibín asked the Minister for Tourism, Culture, Arts, Gaeltacht, Sport and Media further to Parliamentary Question No. 345 of 3 October 2023, if she will provide detail on the nature of the data breaches suffered by her Department; the severity of the breaches; if all individuals whose information was compromised were notified of the breach; if the Data Protection Commission was notified of all data breaches; and if she will make a statement on the matter. [45345/23]

Amharc ar fhreagra

Freagraí scríofa

Further to my previous response to Parliamentary Question No. 345 of 3 October 2023, the additional information requested by the Deputy is set out in the table below.

As previously stated, I am advised that the majority of breaches were deemed to be of zero or low risk, and were therefore not required to be notified to the affected data subjects or the Data Protection Commission in accordance with the Data Protection Commission Guidance on Breach Notifications, which is available at the link below. 

www.dataprotection.ie/sites/default/files/uploads/2019-08/190812%20GDPR%20Breach%20Notification%20Quick%20Guide.pdf.

There was one data breach which was deemed by my Department to meet the threshold for notification to the data subjects and referral to the Data Protection Commission. The notifications for that breach were carried out promptly and the case was resolved quickly to the satisfaction of the data subjects and the Data Protection Commission.

Year

Detail on nature of breaches

Severity of Breach

Have individuals been notified?

Was Breach reported to the Data Protection Commission?

2023

Premature release of board appointees to incoming Chairperson of Údarás na Gaeltachta, which is now in public domain

Zero risk

N/A

N/A

 

Inadvertent release of personal data relating to 17 households, to each of those households.

Medium risk

Yes

Yes

 

Supplier and staff data sent in error to individual in the Government's National Shared Service Office (NSSO).

Low risk

N/A

N/A

 

Interview board schedule issued to incorrect interview board

Low risk

N/A

N/A

2022

Stolen laptop, which was encrypted

Zero risk

N/A

N/A

 

Unintended release of a copy of a letter to incorrect recipient.

Low risk

N/A

N/A

 

Disclosure of email addresses by using CC rather than BCC function, the majority of which were in public domain.

Low risk

N/A

N/A

 

One staff member’s work email inbox was inadvertently migrated into another for a short period

Zero risk

Yes

N/A

 

Stolen laptop, which was encrypted

Zero risk

N/A

N/A

 

A third party’s tax details issued to another third party in error.

Zero risk

N/A

N/A

 

External supplier’s details forwarded to another supplier in error.

Zero risk

N/A

N/A

 

Email intended for a grant applicant of Live Performance Restart Grant Scheme issued to a different applicant in error.

Zero risk

Yes

N/A

 

Officer inadvertently made his own personal data available to other team-members.

Low risk

N/A

N/A

2021

Disclosure of email addresses of applicants in recruitment competition to other applicants

Low risk

Yes

N/A

 

Inadvertent release of personal data of one member of the public to another.

Low risk

N/A

N/A

 

Personal details of grantees of Live Performance Scheme issued to two other grantees in error.

Low risk

Yes

N/A

 

Inadvertent sharing of staff maternity information with incorrect staff member

Zero risk

N/A

N/A

 

List of participants' roles and budgets issued to incorrect project in error.

Zero risk

N/A

N/A

Barr
Roinn