Brian Cowen (Laois-Offaly, Fianna Fail)

I propose to take Questions Nos. 1 to 3, inclusive, together.

Although sensitive information belonging to members of the public is not generally collected by or stored in the Department's electronic systems, specific measures are in place in my Department to protect all data held electronically.

Access to personal information held on databases within my Department is controlled by application security and confined to relevant authorised personnel only. Access by users to these systems is granted on an "as needs only" basis. The Department's computer networks are secured against cyber attacks through the use of security products such as multiple firewalls, anti-virus software and e-mail security tools. Remote access equipment is only issued to staff who have a business need to access the Department's systems out of the office. All applications for access are sent to, and approved by, the personnel officer. Staff supplied with mobile equipment are issued with guidance to ensure devices are secured properly. The hard drives of all laptops are encrypted and do not store Departmental data physically on them. Strong authentication methods, in addition to user name and password, are in place to prevent unauthorised access to the Department's network from mobile devices.

My Department complies with the guidelines on protecting the confidentiality of personal data issued by the Department of Finance. It also evaluates and reviews advanced information security products and technologies as they come to market and implements them where appropriate. In short, my Department applies best practice and uses industry standard information security protection devices and software to protect all data within its systems. It regularly reviews and updates these security procedures and products as a matter of course.

See this speech in context