Dáil debates
Wednesday, 24 September 2008
Data Protection.
11:00 am
Brian Cowen (Laois-Offaly, Fianna Fail)
I propose to take Questions Nos. 5 to 8, inclusive, together.
My Department applies best practice and uses industry standard information security protection devices and software to protect all data within its systems. The Department regularly reviews and updates these security procedures and products as a matter of course.
No computers, disks, laptops or memory storage devices containing personal information about members of the public have been lost or stolen from my Department. Although sensitive information belonging to members of the public is not generally collected by, or stored, in the Department's electronic systems, a number of specific measures are in place in my Department to protect all data which is held electronically.
Access to personal information held on databases within my Department is controlled by application security and confined to relevant authorised personnel only. Access by users to these systems is granted on a "needs only" basis. The Department's computer networks themselves are secured against cyber attacks through the use of security products such as multiple firewalls, anti-virus software and e-mail security tools. Staff supplied with mobile equipment are issued with guidance to ensure devices are secured properly. The hard drives of all laptops are encrypted and do not store departmental data physically on them. Strong authentication methods, in addition to username and password, are in place to prevent unauthorised access to the Department's network from mobile devices.
My Department also evaluates and reviews advanced information security products and technologies as they come to market and implements them where appropriate. The Department's IT assets are audited by the IT unit on an annual basis. The IT unit is currently carrying out an asset audit. Audits are also carried out on an ad hoc basis by the Department's internal audit unit. My Department is also subject to annual audit inspections by the Comptroller and Auditor General.
No comments