Ruairi Quinn (Dublin South East, Labour)
Link to this: Individually | In context

Question 638: To ask the Minister for Enterprise, Trade and Employment the number of Department owned computer desktops or laptops or other data devices, such as blackberries and memory keys, reported lost, missing or stolen from his Department in each year from 2002 to 2007; the number of these that were later recovered or found; the number still missing; if any sensitive or private data was compromised; the measures in place within his Department to secure such portable or at risk data devices; and if he will make a statement on the matter. [1513/08]

Micheál Martin (Cork South Central, Fianna Fail)
Link to this: Individually | In context

My Department's records indicate the following:

2002 — One laptop reported stolen.

2003 — One laptop reported stolen.

2004 — No IT assets reported lost, missing or stolen.

2005 — One Laptop reported stolen and one Blackberry reported lost.

2006 — One Blackberry reported lost.

2007 — One Blackberry reported stolen.

Of the three laptops reported stolen one was subsequently recovered and none were reported as containing sensitive data at the time. While none of the Blackberry devices have been recovered, my Department invoked the facility to automatically wipe all data from the devices as soon as they were reported missing and immediately cancelled the subscription with the service provider.

Last year my Department, with the assistance of an external ICT security expert, conducted a comprehensive review of ICT security across my Department and its Offices. The findings of the report now form a significant part of my Department's new ICT Strategy (2008-2010), which will focus on ensuring continuity of ICT availability including increased security awareness of users, additional process and technological controls and ongoing inclusion of security considerations as part of a project's planning process. The Review took into consideration the balance that is required between ensuring integrity and confidentiality of information and systems on one hand, and availability and usability of information on the other.

The recent growth of electronic storage devices such as those mentioned in the question is a concern for my Department in terms of how it can ensure that sensitive information remains secure. Indeed, the fact of the matter is that many people including staff of my Department would personally own a number of such devices including memory keys, mobile phones, MP3 players and handheld game consoles. Therefore, my Department is adopting a dual approach by concentrating on both awareness and prevention of any security lapses. An ICT security awareness programme is under way, involving newsletters, workshops and presentations to staff along with reminders of ICT usage policies and regulations. Furthermore, and in light of recent events internationally involving loss of media containing sensitive data, my Department has reviewed the manner in which data are transported within the Department and between the Department and other Public Bodies. A number of changes were made to the processes involved and my Department will continue to implement new procedures and technologies to ensure ongoing improvements in securing sensitive data.