Mary Hanafin (Dún Laoghaire, Fianna Fail)

The Department of Social and Family Affairs administers around 50 schemes and makes payments to 1 million people each week. Due to the nature, scale and diversity of its work, the Department is heavily reliant on ICT and holds detailed information about its customers. The Department takes its responsibilities to safeguard this data extremely seriously.

All electronic data is stored in the Department's primary computer site. The site itself has rigorous control procedures and site perimeter protection. There are arrangements in place for inter-site back-up of data. Security arrangements, including encryption, are in place to cover the necessary transfer of data to other agencies for service delivery purposes. Our systems are subject to standard physical security measures. Industry standard security protocols, such as password protection and security software, are deployed to protect all devices supplied by the Department and to preserve the confidentiality of data.

Given their small size and portable nature, it is more likely that portable devices may fall into the wrong hands than a desktop system. It is the Department's policy not to hold sensitive personal data on laptops. Should we decide that we need such data on these devices, it will be encrypted. Procedures for the management and maintenance of portable devices are currently under review by the Department and revised operational guidelines are at an advanced stage of development.

Every effort is made by the Department to ensure that personal customer data is used solely for business purposes and that it is not compromised in any way. Over the last number of years, the Department has continuously strengthened security and data protection protocols. Policies and procedures governing the use of systems and data have been developed and communicated to staff. These policies and procedures are under constant review and are updated as appropriate. Staff are regularly reminded of their obligations under data protection and security policies and of the penalties applicable in respect of any breach of these policies.

In addition to the policy measures, the Department is also ensuring that higher levels of data protection are built into its latest generation of ICT systems to reflect the increased threats in this area. Considerable resources have also been devoted to increasing the security and monitoring facilities in its older systems.

Additional information not given on the floor of the House.

A high-level group has been established within the Department to review access management and control. The primary focus of the group is to direct the development of the Department's policy on access to data, ensure that existing measures are co-ordinated across systems and to initiate further work programmes to address emerging issues. In order to preserve public confidence in the operations of the Department, there has been considerable focus on the issue of data confidentiality. The Department recognises that security measures must continually evolve and it will continue to reflect this in its systems and procedures.

See this speech in context