Tuesday, 17 November 2020
Ceisteanna - Questions
2. To ask the Taoiseach if a review has been conducted relating to the security of documents within his Department in view of the controversy surrounding the sending of a document to the head of a union (details supplied). [34745/20]
I propose to take Questions Nos. 1 to 4, inclusive, together.
My Department is committed to protecting the rights and privacy of individuals in accordance with the European Union General Data Protection Regulation, GDPR, which came into force on 25 May 2018. The Minister for Justice was responsible for the enacting legislation in Ireland and the Data Protection Act 2018 took effect on the same date.
In line with the requirements of GDPR, a data protection officer, DPO, was appointed within my Department in November 2017 to prepare for and oversee the Department's compliance with GDPR. The DPO is assisted in this role by a number of data protection liaison officers currently assigned to various divisions throughout the Department. The DPO continues to ensure that the Department's data protection policies, notices and procedures are in place and are regularly updated. The DPO is also the principal point of contact between the Department and the office of the Data Protection Commission. Since GDPR the Department has not experienced any data breaches. My Department has secure policies and procedures in place which are kept under review to ensure the protection of departmental and Government records.
Given the growing importance of digital matters in both the national and international spheres, the economic division in my Department will continue to contribute to cross-departmental work on digital and related data issues which are relevant to Ireland's interests. The Minister for Justice has overall responsibility for data protection policy and legislation.
I wish to raise two specific matters with the Taoiseach. The first relates to the records of the interdepartmental committee to establish the facts of State involvement with the Magdalen laundries or, as it is more commonly known, the McAleese report. In its statement on mother and baby homes last month, the Government committed to ensuring that the rights of all citizens to access personal information about themselves and their rights under GDPR are fully respected and implemented. The Government also committed to providing the additional resources necessary to fulfil this commitment. The Government's confusion on GDPR rights demonstrates the need for Departments to invest in data protection expertise. This point is relevant to the Taoiseach's Department as it holds the records of the McAleese report. The Taoiseach has confirmed that persons can access their records and I want to know what preparation and additional expertise he has put in place to ensure that this commitment can be met.
I also want to raise with the Taoiseach the significant number of data protection breaches identified by Departments last year. In total there were 778 breaches across 15 Departments but just three Departments accounted for 80% of these breaches. The Department of Social Protection accounted for more than half, followed by the Departments of Justice and Foreign Affairs. Of considerable concern are the breaches that took place within the Department of Justice, notably the loss of a USB stick relating to the Hickson commission of investigation. The device was lost in transit along a one and a half kilometre route between two Department buildings on Hanover Street and Haddington Road in Dublin and was never recovered. The loss was recorded in May 2019 but the first the victims learned of this data breach was in the media last month. The Taoiseach is aware that victims of Mr. Bill Kenneally have fought a long battle for the establishment of this inquiry. They have also raised very significant concerns that have not been adequately addressed by the Minister for Justice or the Garda Commissioner. I hope the Minister for Justice has informed the Taoiseach of these matters.
This is a very important issue. Two weeks ago during a debate with the Tánaiste I asked him if he had ever leaked confidential Cabinet information. In his response he prevaricated and said "nothing of this nature". In other words, there was an acceptance that information from the Cabinet had been given out.
Has the Taoiseach ever conducted a review of the security of documentation within his Department or a review of the security of Cabinet information? Has he considered carrying out a review of leaks from his Department under the previous Administration? We had a situation during the term of the last Government where a foreign minister accused the then Taoiseach, now Tánaiste, of leaking in negotiations with the British Government. That is a very serious accusation and I want to know if the Taoiseach has done any checks with regard to leaks of that nature.
Last week I asked the Tánaiste if he had friends over for drinks in the Taoiseach's residence in Farmleigh during the lockdown restrictions in May but he did not answer my question. It is a very serious question and I am surprised that he did not answer it given that Ministers have lost their jobs because they broke the restrictions previously. Has the Taoiseach asked the Tánaiste if he breached the restrictions in May and if so, what answer did he give?
As Deputy McDonald said, there have been issues relating to data security in the Department of Justice. I have spoken in the House previously on a whole load of IT issues relating to Windows 7 and the upgrade to same which has still not been sorted. Given Covid-19 and the fact that so many people are working from home, this is a pretty serious issue.
In the context of data protection and judicial appointments, is the Taoiseach provided with information and details on other candidates that may be considered and if so, how is that data transferred to him from the Department of Justice? Is it sent via email or is it done orally? I ask the Taoiseach to confirm to the House whether he has ever been briefed by the Department of Justice or the Minister for Justice on any candidates and their suitability? How is that information stored? Where is it stored? Is the Taoiseach briefed by his Secretary General prior Cabinet meetings in regard to those individuals? Is he briefed on this when he is setting the Cabinet agenda for the following week? Is he briefed on the Thursday or Friday of the week before, prior to setting the Cabinet agenda for the following Tuesday? Is he briefed by the Secretary General to the Government on those issues as well?
Since the recent furore surrounding legislation relating to mother and baby homes and the issues regarding attempts to seal information relating to survivors, I have been inundated with contacts from survivors who are particularly concerned about the issue of industrial schools. One thing that I did not know was that the data in the archive for the industrial schools was outsourced and is in the possession of an American company. The survivors I talked to expressed great concern about that fact and went on to say that they have been given indications that it is the intention of the Government, as a priority, to reverse the legislation that set up the statutory education fund which was to provide support to survivors of industrial schools. They say that the Government is prioritising this and is essentially washing its hands of its obligations to survivors of industrial schools. They said that while there is much talk about data protection, promises that were made by former Taoiseach, Bertie Ahern, back in 1999 to deliver housing support, mental health and health supports, counselling and so on have not been kept.
Many of those survivors are living in deprivation and poverty, without decent housing and without the counselling and support they were promised. I would like the Taoiseach to respond on this issue.
In regard to Deputy Boyd Barrett's point, they were met at the time. I was Minister for Education and Science during that period and became Minister for Health and Children in 2000. I established the inquiries in question and was the first Minister to open up the dark chapter in our history relating to industrial schools. We put historians into the Department of Education and Science and we put counselling in place for the people who came to access their records. Some of them discovered they had siblings they had never known of because of the way they were separated by the cruelty man or the courts and sent off to these schools. It was horrific what was done to many people.
Ultimately, a redress scheme was established. More crucially, the Department of Health and Children set up a special counselling service that was specifically targeted at survivors of the industrial schools. It took two years to set it up because the Department and the experts said we needed really well-qualified child abuse and sex abuse counsellors who knew what they were doing to staff it. Various support groups were established at the time, the Aislinn centre being one example. We had various State agencies helping with access to education, supports for apartment construction and securing housing. A whole plethora of supports were provided at the time. I understand the Deputy referred to the Caranua fund, which has been ongoing for a number of years. It is coming to an end but we will have a look at it. I am talking to the Minister for Education about that.
Deputy McDonald asked about records relating to the mother and baby homes and the Magdalen laundries. Access to the commission's archive is governed by the Commissions of Investigation Act 2004 rather than the Commission of Investigation (Mother and Baby Homes and certain related Matters) Records, and another Matter, Bill 2020. I have spoken on the record about the fact that if we had not introduced the 2020 Act, the entire database would have been made redundant and been destroyed. It was correct that the legislation passed through the Houses.
The general data protection regulation, GDPR, will apply to the archive. The Attorney General has been emphatic on that point and has clarified it for anybody who needed clarification. Individuals will have a right to apply for access to their own personal data held by the Minister in the archive of records once it is deposited by the commission, which I understand will be in February 2021. Files have also gone to Tusla and people will have access to them there as well. We are currently examining the matter and hope to be in a position to make a comprehensive statement on it at the time of the publication of the mother and baby homes report. That statement will include, for example, the question of where we archive, how we archive and how we tell the story of all these institutions, from the industrial schools to the Magdalen laundries to the mother and baby homes, in a way that does justice to the victims. We have to consult widely in this regard. I was talking to the groups concerned at the weekend and some of them, particularly direct survivors, have different perspectives on how that should be done. We must try to include everyone in the process. It is the Government's intention to create a centre that could help to provide insights to future generations on all of these areas.
In regard to the mother and baby homes, the GDPR prohibits a blanket ban on the processing of personal data. Documents furnished to the Department, when they are deposited with the Minister in February 2021, can be considered in the context of individual requests by data subjects. Those requests must be processed on an individual basis and in accordance with current relevant statute. In terms of the Magdalen laundries, the McAleese committee set out that the archive of the committee's work, which is deposited and stored centrally in the Department of the Taoiseach, would contain only copies of official records identified from across all Departments, State agencies and bodies. The originals of all such identified records have stayed in their original files and locations in order to avoid disturbance to, or destruction of, original or archived files. Access to any personal records can be sought, under the GDPR, from the relevant public bodies, subject to the normal procedures. The committee set out that the archive would also contain certain materials generated by or for the committee in the course of its work, such as correspondence, minutes and some statements and submissions. We will do everything we possibly can in this matter. Our view and disposition is to facilitate access for survivors to their records. No right is absolute, however, and the process is part of the GDPR framework. GDPR stems from European Union law and trumps other regulations.
In regard to the other issues raised by Deputy McDonald, I will follow up on them. The loss of the data device to which she referred was not something that occurred in my Department. This group of questions relates to the data protection unit in my Department. We have gone wide on it, which I accept.
With regard to Deputy Tóibín's questions, I have not investigated leaks from the previous Administration. It would be unprecedented to do so. I have never heard of it happening before that one would routinely go in and start making inquiries about, or having investigations into, previous Governments.
The Tánaiste has often said to me that he does not believe he has breached the restrictions in regard to Covid-19 regulations, as they have applied from time to time.