Dáil debates

Wednesday, 31 October 2007

2:30 pm

Photo of Olwyn EnrightOlwyn Enright (Laois-Offaly, Fine Gael)
Link to this: Individually | In context

Question 58: To ask the Minister for Social and Family Affairs the action he has taken to prevent improper access to confidential information within his Department; and if he will make a statement on the matter. [26532/07]

Photo of Martin CullenMartin Cullen (Waterford, Fianna Fail)
Link to this: Individually | In context

My Department, because of the nature of its work, holds extensive and detailed personal information about its customers. Most employees of the Department need and have access to this information to deliver the Department's services.

The Department is aware of its obligations to its customers under the Data Protection Acts of 1988 and 2003 to ensure that information is collected appropriately, maintained securely and used only for the purpose for which it was intended. The Department takes these obligations very seriously and takes the strongest line on the misuse of customer information by any of its staff. Any breach of trust with regard to the confidentiality of information is treated as serious misconduct under the disciplinary code and comes under immediate consideration for dismissal.

In recent years the Department has strengthened security and data protection protocols. The security of systems and processes is regularly reviewed and there is password protection on all accounts. A dedicated unit has been established to oversee business information protection across the Department and has developed and communicated policies and procedures covering the use of systems and data. This unit also investigates alleged breaches that arise. Staff are regularly reminded of their obligations under data protection and security policies and the penalties applied to such misuse. In addition, the ongoing development of computer systems continues to incorporate further security and logging facilities.

The protection of personal data is a matter for the Department, and the Secretary General, as part of the risk management process, has established a high level group to review all aspects of access controls and security management.

Photo of Olwyn EnrightOlwyn Enright (Laois-Offaly, Fine Gael)
Link to this: Individually | In context

In terms of the provision of information, how many breaches of the policy have occurred in the Department over the past five years and what prosecutions have been taken against staff members who leaked this confidential information? The Minister said the Department takes the strongest possible line in this regard. He will be aware of two specific cases mentioned in the media earlier this month. In the case of the member of staff who leaked information to his criminal brother, was a prosecution taken against that person by the Garda? Another senior official in the Department improperly accessed and passed on records of approximately 40 individuals to newspapers. That individual subsequently retired, but what action was taken against that person? Did the Department prosecute that individual? What other disciplinary actions, if any, have been taken with regard to these two individuals?

What plans does the Minister have to detect improper access in the future? I am concerned that the Department did not know about these two cases until the Garda informed it of one case and it was informed by one of the people whose name appeared in a newspaper of the other.

Photo of Martin CullenMartin Cullen (Waterford, Fianna Fail)
Link to this: Individually | In context

There have been only three cases since 2002. Given the scale of the operations of the Department, the number of customers and the number of operations carried out on a daily or weekly basis, that number is relatively small, although they are serious matters. In the first case referred to by the Deputy, the official has been dismissed. In the second case, the official resigned before disciplinary action could be taken by the Department. In another case, of a less serious nature, the officials involved were cautioned about their conduct and this was noted in their personal files.

As mentioned, the Secretary General has established a high level group within the Department to constantly review all aspects of access controls and security management. The Deputy is probably aware that, under the Data Protection Act, prosecutions fall under the remit of the Data Protection Commissioner. The action taken has been quite severe; people have lost their jobs.

Photo of Olwyn EnrightOlwyn Enright (Laois-Offaly, Fine Gael)
Link to this: Individually | In context

Has the Data Protection Commissioner prosecuted any of the individuals involved? With regard to the third case, I assume the Minister refers to the case of the lady who won the national lottery. Some 106 officials looked up that person's file. This means 106 officials abused their position. I would not consider that breach as of a less serious nature. I am sure the Minister agrees that staff are not engaged to look up people's private information for their own amusement.

The Minister used the phrase "the strongest possible line". Does he believe that line should include prosecution of those within the Department who abuse their position? I put it to him that if people do not fear prosecution for abuse of position, there is little to stop them from continuing with this type of behaviour.

Photo of Martin CullenMartin Cullen (Waterford, Fianna Fail)
Link to this: Individually | In context

We need to keep the matter in context. There were only three cases. While I do not minimise the importance of those cases——

Photo of Olwyn EnrightOlwyn Enright (Laois-Offaly, Fine Gael)
Link to this: Individually | In context

Some 40 individuals were named in one case.

Photo of Martin CullenMartin Cullen (Waterford, Fianna Fail)
Link to this: Individually | In context

Given the scale of operations the Department deals with, abuse of position does not take place on a large scale. I understand that the number of officials involved in accessing details of the person on file was 74, not 106. I did not say it was a less important matter, I meant it in comparison to giving somebody information for criminal activity, which was the case highlighted by the Deputy. That was the context in which I made those remarks.

There are improvements, ongoing training and awareness in the system. Every customer has a particular code and only that person can access that information. The system is under constant review, however, given the detailed range of welfare payments, which covers over 50 separate schemes. The system deals with 1.9 million applications, 6.5 million telephone calls and 68 million payments. In addition, 360,000 assignments have been conducted by the investigators and therefore there is a constant review of what is happening.

Photo of Olwyn EnrightOlwyn Enright (Laois-Offaly, Fine Gael)
Link to this: Individually | In context

Will the Minister deal with the fact that the Department did not know about the mistakes until other people highlighted them?

Photo of Martin CullenMartin Cullen (Waterford, Fianna Fail)
Link to this: Individually | In context

I am not aware that was the case. My understanding is that the Department knew, but clearly the information came into the public domain as well.