Martin Cullen (Waterford, Fianna Fail)

My Department, because of the nature of its work, holds extensive and detailed personal information about its customers. Most employees of the Department need and have access to this information to deliver the Department's services.

The Department is aware of its obligations to its customers under the Data Protection Acts of 1988 and 2003 to ensure that information is collected appropriately, maintained securely and used only for the purpose for which it was intended. The Department takes these obligations very seriously and takes the strongest line on the misuse of customer information by any of its staff. Any breach of trust with regard to the confidentiality of information is treated as serious misconduct under the disciplinary code and comes under immediate consideration for dismissal.

In recent years the Department has strengthened security and data protection protocols. The security of systems and processes is regularly reviewed and there is password protection on all accounts. A dedicated unit has been established to oversee business information protection across the Department and has developed and communicated policies and procedures covering the use of systems and data. This unit also investigates alleged breaches that arise. Staff are regularly reminded of their obligations under data protection and security policies and the penalties applied to such misuse. In addition, the ongoing development of computer systems continues to incorporate further security and logging facilities.

The protection of personal data is a matter for the Department, and the Secretary General, as part of the risk management process, has established a high level group to review all aspects of access controls and security management.

See this speech in context