Paul Kehoe (Wexford, Fine Gael)
Link to this: Individually | In context

Question 559: To ask the Minister for Education and Science the procedures in place to protect personal data within her Department; and if she will make a statement on the matter. [31237/07]

Mary Hanafin (Dún Laoghaire, Fianna Fail)
Link to this: Individually | In context

There are a range of measures in place to safeguard personal data held by various business units in my Department. My Department has produced a set of guidelines for all staff which sets out the issues to be considered when collecting, storing and processing personal data. Staff are made aware of their obligations under the Data Protection Acts, 1988 and 2003 at induction courses when they join the Department and at Records Management Training courses.

For the purposes of the Data Protection Acts, my Department has nine data controllers registered with the Data Protection Commissioners. These data controllers are responsible for ensuring that appropriate processes and procedures are in place to safeguard personal data held in their sections. My Department also has a Data Protection Officer who coordinates issues centrally and works with sections to address particular issues.

Relevant procedures in place at business unit level include use of security passwords, lock-up procedures, closed offices, segregation of duties, secondary authorisation, hard copy paper trails and audits. For example, the level of access to electronic files and databases that hold personal information is limited to staff working in specific areas and at specific grades within that area. Also, the level of access to paper files is controlled by lock-up procedures and closed offices.

My Department also has arrangements in place for the disposal of confidential material. This includes the shredding of paper records and rendering the hard disks of old PC's so that they are unusable.

My Department has recently recruited a Records Manager who, as part of her remit, will be reviewing the processes and procedures in place for the management of all records in the Department.

In light of recent events in the UK, my Department is carrying out a review of systems and procedures in place for safeguarding personal data, including where personal data is being transferred.