Written answers

Tuesday, 27 November 2007

Department of Social and Family Affairs

Data Protection

8:00 pm

Photo of Paul KehoePaul Kehoe (Wexford, Fine Gael)
Link to this: Individually | In context

Question 405: To ask the Minister for Social and Family Affairs the procedures in place to protect personal data within his Department; and if he will make a statement on the matter. [31244/07]

Photo of Martin CullenMartin Cullen (Waterford, Fianna Fail)
Link to this: Individually | In context

My Department administers some fifty schemes and makes payments to one million people each week. This volume of business requires the Department to depend heavily on ICT and to have responsibility for significant amounts of data.

Data is generated by staff entering information to internal data-bases or by receipt of information from external agencies such as the General Register office in respect of births. Data is stored in the Department's data centres with arrangements in place for inter-site backup and security.

My Department relies on other agencies in carrying out its business, for example An Post for payments, and Revenue for the collection of PRSI contributions. Information is also provided to other agencies such as the CSO and Health agencies for various purposes in accordance with legislation. This necessitates exchanges of data on a regular basis with the relevant organisation.

My Department operates a policy whereby personally identifiable information must be exchanged legally and securely and must be capable of being audited. Data provided to service providers is typically transferred over direct secure electronic links. Backup arrangements for these include encryption of physical files. While the Department is satisfied that other data exchanges (e.g. off-site backup) have been carried out in an appropriately secure manner, it is reviewing all data exchanges in view of recent events in the UK.

Over the past few years, the Department has undertaken a number of Information Security projects and has established internal structures to implement its policies. In tandem with this, technical work has been carried out on the Department's infrastructures and systems. It is clear, however, that further work, resources and time are required to achieve an optimum operational state.

Finally, a High-Level Group has been established within the Department to review access management and control. The primary focus of the Group is to formulate the Department's policy on access to data and to initiate a further work programme to address the issues involved.

Comments

No comments

Log in or join to post a public comment.