John Perry (Sligo-North Leitrim, Fine Gael)

I thank the Deputy for raising this important issue. The protection of personal information is a matter for the Office of the Data Protection Commissioner, which falls under the remit of my colleague the Minister for Justice and Equality. However, the point raised by the Deputy is one which is of concern across the Government, particularly following revelations in recent weeks about the unauthorised accessing of personal information via telecommunications equipment.

I assume the particular matter that is of concern to the Deputy is remote access to the voicemail service of mobile phone users by other persons and the apparent ease with which this can occur by the use of default access codes. It appears the main issue in this regard is the lack of information available to mobile phone users about such remote access and the need for users to ensure the default access code is changed to prevent unauthorised access to voice messages.

I understand the Office of the Data Protection Commissioner is having discussions with some of the mobile phone operators with a view to addressing the potential problems with the existing system. Mobile phone users also have the facility, which is easily available, of deleting messages in their voice mailboxes as a further security measure.

With the evolution of smartphones and their ever-increasing data capacities, there are also concerns about the potential for leaks of personal information from such devices. For example, some of the newer smartphones have data capacities of 2 GB or more, which in layman's terms means that they can easily store 2,000 emails and 3,000 medium-sized documents. Many of these devices have built-in privacy managers that allow the user to customise how the phone manages personal information. It is my understanding that such settings can be changed at any time and not just when an application is first installed. While the handsets provide for such privacy settings, it is ultimately a matter for the phone user to ensure they are properly activated, monitored and updated or amended as required.

More generally, mobile phone companies provide services that facilitate the storage and transmission of personal information in a number of ways. These include SMS, e-mail, social media such as Facebook and voicemail. There are a number of mechanisms in place to protect the personal information associated with these facilities. For example, the majority of handsets feature the use of PIN numbers to unlock the handset. This feature is put in place by equipment manufacturers so that access to the handset can be restricted to the user, thereby protecting the handset and preventing misuse. Encryption of messages is another security method that is frequently used, particularly for users of BlackBerry handsets. The combination of such facilities allows users to protect information stored on their phones, such as SMS messages and e-mails, as well as protecting personal information, such as voicemails, stored on the telecommunications network.

It should be noted that the Minister for Communications, Energy and Natural Resources has recently introduced secondary legislation that obliges companies providing publicly available electronic communications networks or services to safeguard the security of their services. It is an offence for such companies not to comply with these requirements. Provisions with regard to data breaches have been also strengthened.

Many mobile phone users do not seem to realise the importance of using all the readily available security mechanisms that are provided by phone operators at present. I believe the recent incidents of phone hacking, which have been widely reported in the media, will serve as a reminder to phone users that they should ensure the handsets they use and the data stored on those handsets are secure. User information and awareness is key to this issue and I look forward to the outcome of discussions between the mobile phone operators and the Data Protection Commissioner in this regard

See this speech in context