Dáil debates

Wednesday, 24 September 2008

 

Data Protection.

See the whole debate « Previous speaker Next speaker »

11:00 am

Photo of Brian CowenBrian Cowen (Laois-Offaly, Fianna Fail)

It is important that the person responsible for equipment lost or stolen notifies authorities as quickly as possible, and immediately if possible. The procedures in place to deal with equipment reported as lost or stolen in my Department is that, where a device is reported missing or stolen, the user account associated with that device is immediately disabled. BlackBerries are centrally disabled from the server, a procedure which also wipes the memory of the machine. The network provider is notified so that the SIM card can be disabled, which renders the device inaccessible to unauthorised users. The Department's asset register is updated and, in the case of theft, the user is asked to report the matter to the Garda. Where personal or sensitive data are compromised, the Data Protection Commissioner is also informed.

These procedures satisfy us that best practice is followed to ensure Departments' databases are safe from hackers, for example. Industry standard information security protection devices and software are used to protect all data within systems. These procedures, products and devices are regularly reviewed and, in the case of a breach of security, would have to be reviewed and updated to ensure they are capable of providing the best security appropriate to a Department's needs at all times.

In regard to whether any incidents have occurred whereby personal data held by the Department of the Taoiseach or its agencies were compromised in any way, no personal data held electronically by my Department has been compromised in any way.

Obviously, every Department has to be vigilant in this area and employ good people in the relevant units so that they have the most up-to-date means of ensuring data are not accessible by other than authorised users and, immediately upon notification of theft, the ability to disable that information and render it useless to anyone else. Wiping the information held on a server or whatever is also an important part of the process of protection.

Comments

No comments

 

Log in or join to post a public comment.