Simon Coveney (Cork South Central, Fine Gael)
Link to this: Individually | In context

Question 662: To ask the Minister for Enterprise, Trade and Employment the details of all instances since 1 June 2002 where personal data held by his Department or any agency under its auspices were compromised in any way; if the review by his Department of data security procedures announced on 22 November 2007 is completed; and the findings of that review in terms both of prior shortcomings and of future actions. [2161/08]

Micheál Martin (Cork South Central, Fianna Fail)
Link to this: Individually | In context

There have been no reported instances in my Department where personal data has been compromised since the date in question.

My Department is registered with the Office of the Data Protection Commissioner for the purpose of the Data Protection Acts. My Department is very conscious of its obligations under the Data Protection Acts, and of the need to promote awareness among staff of these obligations. In this regard all induction courses for new staff members include a segment on data protection. In September 2007 all staff in my Department were issued with a Human Resources Management Handbook in hard copy format, which includes a dedicated Section concerning the provisions of data protection legislation, and highlighting the obligations and responsibilities for staff in this area. These obligations were reiterated to all staff in my Department by way of an Office Notice in November 2007. Physical and technical safeguards are in place throughout my Department. A secure ICT infrastructure and staff awareness programmes play a key role in supporting data protection.

Regarding ICT this is a continuous process, involving a combination of appropriately skilled people and the implementation of best-practice processes and technologies. Last year, my Department with the assistance of external ICT security experts, conducted a comprehensive review of ICT security across the Department and its Offices. The findings of the report now form a significant part of my Department's new ICT Strategy (2008-2010) and a programme of work is currently being undertaken which is designed to deliver ongoing improvements in the security of the Departments' ICT systems thereby minimizing the risk of compromising data and/or security breaches. This includes a programme of data protection and security awareness workshops, one of which has already taken place. The workshops are facilitated by experts in the field who prior to the workshop examine the business units involved in terms of information security and data protection.

The position in relation to the review by my Department of data security procedures to protect the confidentiality of personal data is that the review is almost complete and a report on the matter is expected to be forwarded to the Department of Finance shortly.

The registration of the agencies of my Department with the Data Protection Commissioner for the purpose of the Data Protection Acts is a day-to-day operational matter for the agencies concerned and one in which I have no function.