Enda Kenny (Mayo, Fine Gael)

I thank the Taoiseach for that reply. If I understood him correctly, he clarified that no laptops, as far as is known, have been stolen from his Department.

The Taoiseach will be aware that personal information on 380,000 people on the social welfare register went missing in April 2007. It took until August 2008 — 16 months — before the Minister for Social and Family Affairs was made aware of the extent of the loss. I understand that the data was only password protected instead of being encryption protected. Am I correct that sensitive data in the Taoiseach's Department are encryption protected and not only password protected?

The Taoiseach will be aware that personal data on 580,000 people has been lost in the past 18 months and that the reporting of that seems to be inadequate. As he is aware, there are procedures in place but there are no specific legal obligations on a body which loses personal data to notify a person that private information on him or her has been lost. Also, there is no legal obligation on a body to notify the Data Protection Commissioner of any such loss. Does the Taoiseach agree that it is only right and proper that if a person's information is lost, he or she should be notified and there should be a legal requirement in that regard? Does he also agree that if a body loses similar relevant information, it should be obliged to inform the Data Protection Commissioner? The Taoiseach is aware that the reports of the Data Protection Commissioner are only made public if the body being investigated agrees to their publication. The Irish Blood Transfusion Board agreed to publication, but the Bank of Ireland did not.

See this speech in context