Simon Coveney (Cork South Central, Fine Gael)
Link to this: Individually | In context

Question 239: To ask the Tánaiste and Minister for Finance the details of all instances since 1 June 2002 where personal data held by his Department or any agency under its auspices were compromised in any way; if the review by his Department of data security procedures announced on 22 November 2007 is complete; and the findings of that review in terms both of prior shortcomings and of future actions. [2163/08]

Brian Cowen (Laois-Offaly, Fianna Fail)
Link to this: Individually | In context

There have been no instances of personal data held by my Department being compromised.

In relation to the agencies under the remit of my Department, I have been advised by the Revenue Commissioners that there have been a number of investigations into instances of inappropriate accessing of information by Revenue staff since 1 June 2002. Appropriate sanctions have been, and are, taken against staff under the Civil Service Disciplinary Code.

Revenue's Security and Confidentiality Policy informs all staff of the continuing need to maintain the highest level of confidentiality and security regarding access to and control of information used for Revenue business purposes. Revenue staff are regularly reminded of the need to protect the confidentiality of information concerning members of the public. Staff are also regularly reminded that access to Revenue information is authorised only in circumstances where there is a clear official business reason requiring such access and that any unauthorised access constitutes a serious breach of discipline and will be dealt with accordingly. Data, security systems and procedures are regularly reviewed as part of Revenue's business and strategic planning processes.

In relation to the Office of Public Works, when setting up the Freedom of Information Website in June 2004, the names of all those making requests were published. In addition, the addresses of private individuals were mistakenly displayed along with the addresses of businesses/journalists etc. This error has been rectified.

Following consultation with the Office of the Data Protection Commissioner regarding the use of individual's names, OPW is currently in the process of removing the names of all requesters from its website and has amended its FOI acknowledgement letters to reflect this change.

In 2004 and 2005 a series of articles about OPW related issues appeared in the Irish media containing some personal information about OPW staff. However, it was not possible to establish how this information came into the possession of the media.

The Government made a decision (which I announced in November 2007) to review the systems and procedures operated by Departments and Agencies which are in place to protect the confidentiality of personal data and to prevent its improper release. In that context, my Department is required to furnish the Government with a report. Consequently, my Department has written to all Departments and Offices requesting details of the systems and procedures in place. These details are scheduled to be returned to the Department of Finance by 1st February 2008.