Mr. Simon O'Brien:

There has been a great deal of public discourse. That is exactly what I wished to avoid in some of my decision-making which, as I said, I now regret. However, let us be very clear. We work in an information-rich environment and society, a society where technology is moving forward. We work in an environment where information can come out either through human sources who might work for the agency speaking to other people outside the agency, through surveillance or through overheard conversations. The result is that, at times, it appears that some comment on what should be issues of confidentiality within our organisation, even between individuals, is being discussed in newsprint and the media or potentially just between other people.

As I said in my opening statement, risk assessment and risk management must be dynamic. To refer back to the inception of our period in office, we three made little or no public comment in the first year. We were working quietly and, as we made clear on the last occasion we appeared before the committee, engaging with An Garda Síochána. Timeliness was an absolutely implacable issue for us as a commission. We waited a lengthy time while we were trying to improve this. There were conversations between us, as the commission, on whether we would ever become more vocal and public about the problems we were having. As that level of more public discourse happens, the level of risk of other people wanting to know what one might be saying increases. If the level of risk increases, one starts to think about how to mitigate that risk and what sort of counter-risk measures should be put in place.

In terms of risk assessment, there is a risk at all times. One can do a number of things. One can identify and isolate that risk and eliminate it. One can identify and examine that risk and accept some potential part of that risk because it is good for one, one can try to mitigate some parts of it, or one can just accept that there is the risk and work with it. We look at these types of issues all the time, but that is part of a standard procedure where there is proper governance and proper administrative governance. That is where we are. I am absolutely clear that this security check came about as a result of nothing more than the thought that while the risks were increasing, we might need to start thinking about and be aware of what risk we might be exposing ourselves to.