Brian Cowen (Laois-Offaly, Fianna Fail)

With regard to what happens if a device is missing or stolen, in that event, the user account associated with that device is immediately disabled and, in the case of BlackBerries, they are centrally disabled from the server and the memory of the machine is also wiped in this procedure; the network provider is notified so that the SIM card is disabled, which renders the device inaccessible to unauthorised users; the Department's asset register is updated; in the case of theft, the user is asked to report the matter to the Garda; and, where personal or sensitive data are compromised, the Data Protection Commissioner will be also informed.

On whether I am satisfied that personal data belonging to members of the public held in the Department's databases are safe from unauthorised access or from hackers, I am satisfied that my Department applies best practice on data protection. The procedures, products and devices they have are regularly reviewed and updated to ensure they are capable of providing the best security appropriate to the Department's needs at all times. On whether there were any instances where personal data held by the Department or any of its agencies were compromised in any way, I am informed that no personal data held electronically by my Department have been compromised in any way.

Regarding the need to comply with data protection legislation in the protection of personal data, I am informed that the Department fully complies with the provisions of the 1988 and 2003 Acts, and the Freedom of Information Acts 1997 and 2003 in managing electronic and paper based records.

On the overall situation in terms of data held electronically in all Departments, when I was Minister for Finance, the Department of Finance, as the Department of the public service, wrote to all Departments, offices, and agencies in November 2007 seeking information on the systems and procedures in place to protect the confidentiality of personal data. After collating and examining those responses the Department of Finance then produced a report for Government which contained the findings and a number of recommendations. It was circulated to relevant stakeholders for comment and observation and was presented to Government for consideration in April 2008. The Government noted the report and also that the Department of Finance was convening a working group to produce guidelines based on the recommendations of that report. That cross-departmental working group had its first meeting in May 2008. The CMOD section of the Department of Finance chairs meetings of the group and provides a secretariat.

The group has produced guidelines and a template code of practice for Departments, offices and agencies on the protection of personal data held electronically, on paper and on data storage devices. Those guidelines also cover the protection of data while being transferred electronically between Departments and via e-mail. Those documents, based on best practice in this area were passed to the Data Protection Commissioner and other members of the working group for observations. Following their responses both documents were circulated to all Departments, offices and agencies. There has been an effort to provide uniform standards through that process in the past 12 to 18 months.

See this speech in context