Paul Kehoe (Wexford, Fine Gael)
Link to this: Individually | In context

Question 695: To ask the Minister for Communications, Energy and Natural Resources the procedures in place to protect personal data within his Department; and if he will make a statement on the matter. [31234/07]

Eamon Ryan (Dublin South, Green Party)
Link to this: Individually | In context

My Department is very aware of the risks such as identity theft to individuals should their personal information be made available to criminal elements.

Despite the fact that my Department holds very limited personal records other than employee details, it has invested heavily over a number of years in ensuring that every effort is made to maintain the security of both electronic and paper records.

There are multilayer electronic firewall defences backed up with electronic intrusion detection systems, which actively monitor network traffic for electronic threats. When backup tapes are removed to a certified external storage facility for disaster recovery purposes they are transported in special locked cases. The connections between my Department and other Departments or the Naval Service are across the private Government network.

My Department carries out some electronic sales via our websites. The credit card transaction is processed out by a third party and the card details are not recorded on any of our systems, just a reference number for the successful payment.

All offices are equipped with multiple locked receptacles for confidential waste and the policy is that all paper other then externally printed brochures, magazines, et cetera are disposed of in these receptacles. The contents are regularly emptied and shredded on site.

In relation to staff personal records, all personal data is protected under the Data Protection Act whereby no personal information is disclosed to a third party unless my Department is satisfied that we have the individual's consent. Access to PCs is restricted to authorised staff only and access to personal information is restricted on a need-to-know basis. All computer systems within my Department are password protected and the hard disks which contain the personal data are protected in a secure storage unit. In addition, staff personnel files are also stored in secure storage.