Martin Cullen (Waterford, Fianna Fail)

The Department administers some 50 schemes and makes payments to 1 million people each week. The nature and volume of its business mean that it is heavily dependent on information communications technology, ICT, facilities to carry out the bulk of its business and it has responsibility for a significant amount of data.

Given the nature, scale and diversity of its work, the Department holds extensive and detailed personal information about its customers. It is fully aware of its obligation to safeguard the security of this data and it employs a wide range of measures to protect the confidentiality, availability and integrity of information. Where staff are found to have breached these measures, disciplinary action up to and including dismissal is taken.

The Office of the Data Protection Commissioner undertook an audit of the Department in late January 2008. The commissioner has not yet finalised the report of his findings. When the final report is received, its findings and recommendations will be carefully examined by the Department with a view to taking whatever additional actions are necessary.

Over recent years, the Department has continuously strengthened security and data protection protocols. Staff are regularly reminded of their obligations under data protection and security policies and of the penalties applicable to any breach of these obligations. Policies and procedures covering the use of systems and data have been developed and communicated to the staff. These policies and procedures are under continual review and are updated as appropriate. The most recent policy update took place in June 2007, with the publication of a corporate information security policy. In addition to the policy measures, the Department is also ensuring that higher levels of data protection are built into its latest generation of ICT systems to reflect the increased threats in this area. Considerable resources have also been devoted to increasing the security and monitoring facilities in its older systems.

A high level group has been established within the Department to review access management and control. The primary focus of the group is to direct the development of the Department's policy on access to data, ensure that existing measures are co-ordinated across systems and to initiate further work programmes to address emerging issues.

To preserve public confidence in the operations of the Department, there has been, and will continue to be, considerable focus on the issue of data confidentiality. I assure the Deputy that the Department recognises that security measures must continually evolve and it will continue to reflect this in its systems and procedures.

See this speech in context