Martin Cullen (Waterford, Fianna Fail)

My Department, owing to the nature of its work, holds extensive and detailed personal information about customers. Most employees of the Department need and have access to this information to deliver the Department's services. The Department is aware of its obligations to its customers under the Data Protection Acts 1988 and 2003 to ensure information is collected appropriately, maintained securely and used only for the purpose for which it was intended. The Department takes these obligations very seriously and takes the strongest line on the misuse of customer information by any of its staff. Any breach of trust with regard to the confidentiality of information is treated as serious misconduct under the disciplinary code and comes under immediate consideration for dismissal.

Since the incidents referred to in the media, the Department has strengthened security and data protection protocols. The security of systems and processes is regularly reviewed and there is password protection on all accounts. A dedicated unit has been established to oversee business information protection across the Department and has developed and communicated policies and procedures covering the use of systems and data. This unit also investigates alleged breaches that arise.

Staff are regularly reminded of their obligations under data protection and security policies and the penalties applied to such misuse. In addition, the ongoing development of computer systems continues to incorporate further security and logging facilities. The protection of personal data is a matter for the Department. The Secretary General, as part of the risk management process, has established a high level group to review all aspects of access controls and security management.

See this speech in context