Brian O'Shea (Waterford, Labour)
Link to this: Individually | In context

Question 80: To ask the Minister for Social and Family Affairs if the audit by the Data Protection Commissioner of his Department's procedures for processing personal data is finalised; the main conclusions reached; and the specific actions his Department will be taking on foot of these conclusions. [12205/08]

Martin Cullen (Waterford, Fianna Fail)
Link to this: Individually | In context

The Department administers some 50 schemes and makes payments to 1 million people each week. The nature and volume of its business mean that it is heavily dependent on information communications technology, ICT, facilities to carry out the bulk of its business and it has responsibility for a significant amount of data.

Given the nature, scale and diversity of its work, the Department holds extensive and detailed personal information about its customers. It is fully aware of its obligation to safeguard the security of this data and it employs a wide range of measures to protect the confidentiality, availability and integrity of information. Where staff are found to have breached these measures, disciplinary action up to and including dismissal is taken.

The Office of the Data Protection Commissioner undertook an audit of the Department in late January 2008. The commissioner has not yet finalised the report of his findings. When the final report is received, its findings and recommendations will be carefully examined by the Department with a view to taking whatever additional actions are necessary.

Over recent years, the Department has continuously strengthened security and data protection protocols. Staff are regularly reminded of their obligations under data protection and security policies and of the penalties applicable to any breach of these obligations. Policies and procedures covering the use of systems and data have been developed and communicated to the staff. These policies and procedures are under continual review and are updated as appropriate. The most recent policy update took place in June 2007, with the publication of a corporate information security policy. In addition to the policy measures, the Department is also ensuring that higher levels of data protection are built into its latest generation of ICT systems to reflect the increased threats in this area. Considerable resources have also been devoted to increasing the security and monitoring facilities in its older systems.

A high level group has been established within the Department to review access management and control. The primary focus of the group is to direct the development of the Department's policy on access to data, ensure that existing measures are co-ordinated across systems and to initiate further work programmes to address emerging issues.

To preserve public confidence in the operations of the Department, there has been, and will continue to be, considerable focus on the issue of data confidentiality. I assure the Deputy that the Department recognises that security measures must continually evolve and it will continue to reflect this in its systems and procedures.

Róisín Shortall (Dublin North West, Labour)
Link to this: Individually | In context

When does the Minister expect to receive the review of the Data Protection Commissioner? Will he put on record his commitment to implementing the recommendations of that review?

Martin Cullen (Waterford, Fianna Fail)
Link to this: Individually | In context

I obviously cannot speak for the Data Protection Commissioner.

Róisín Shortall (Dublin North West, Labour)
Link to this: Individually | In context

When does the Minister expect to receive the review?

Martin Cullen (Waterford, Fianna Fail)
Link to this: Individually | In context

I hope it will be finalised shortly. I am not the Data Protection Commissioner and I await his report.

Róisín Shortall (Dublin North West, Labour)
Link to this: Individually | In context

I know that. I am asking when the Minister expects to have his report.

Martin Cullen (Waterford, Fianna Fail)
Link to this: Individually | In context

I said "shortly". I do not know. The Data Protection Commissioner is responsible for presenting the report and when he does, Deputy Shortall will be the first to hear of it.

Róisín Shortall (Dublin North West, Labour)
Link to this: Individually | In context

Is the Minister committed to implementing the recommendations of the commissioner's report?

Martin Cullen (Waterford, Fianna Fail)
Link to this: Individually | In context

Any recommendations that can be implemented to enhance the security of the systems on behalf of our customers will be, and are at all times, implemented.

Róisín Shortall (Dublin North West, Labour)
Link to this: Individually | In context

Is that "Yes"?

Olwyn Enright (Laois-Offaly, Fine Gael)
Link to this: Individually | In context

Since the difficulties took place that led to the Data Protection Commissioner preparing this report, has the Minister done anything to strengthen the procedures in the Department? For example, I understand a digital fingerprint records exactly at what staff within the Department are looking. Are spot checks done to ensure staff are only accessing files relevant to their own direct line of work?

Martin Cullen (Waterford, Fianna Fail)
Link to this: Individually | In context

As a result of my and the House's interest in this issue over time, I raised it at management board meetings within the Department to ensure that the most up-to-date security systems, in terms of the new ICT systems that are being put into the Department, give the highest possible level of protection to the information supplied by customers. There are spot checks in the Department and senior staff have responsibilities in this area also. At all times we seek to enhance the process.

In addition, new enhanced security systems are being included in some of the existing older systems that are maintained. Given the scale and number of operations — over 50 schemes and over 1 million customers getting payments every week — by and large the Department and its officials are doing a very good job.