Simon Coveney (Cork South Central, Fine Gael)
Link to this: Individually | In context

Question 1465: To ask the Minister for Communications, Energy and Natural Resources the details of all instances since 1 June 2002 where personal data held by his Department or any agency under its auspices were compromised in any way; if the review by his Department of data security procedures announced on 22 November 2007 is completed; and the findings of that review in terms both of prior shortcomings and of future actions. [2157/08]

Eamon Ryan (Dublin South, Green Party)
Link to this: Individually | In context

My Department has developed and maintains a number of systems that contain personal data in addition to internal systems such as payroll or HR. These include an Integrated Fisheries Information System, a Foreshore Coastal Zone Management System, a Marine Vessel Registration System, a Mineral Exploration Licensing System, and a Petroleum Exploration System. Although the functions supported by most of these applications have been transferred to the Minister for Agriculture, Fisheries and Food, and to the Minister for Transport, my Department continues to manage and maintain them at this time.

There is one potential compromise of personal data that my Department is aware of in the time frame referred to by the question. The Integrated Fisheries Information System is used by the Sea Fisheries Division of the Department of Agriculture Fisheries and Food. On the weekend of the 2nd to the 5th November 2007, following a software upgrade, a defect was introduced into the system whereby a registered "Sales Notes" user could search for and view information on fish sales associated with other customers of the Department. Whilst this information did not include personal information it did identify the vessel name.

The vulnerability was in place for seventy hours and just two individuals accessed the search facility in that time. Shortly after the fault being brought to the Department's attention, the system was disabled and the fault rectified. In addition, procedures have been put in place to prevent a similar occurrence in the future.

Data security procedures are a day to day operational matter for State Agencies and I have no function in that regard. The review of data security procedures requested by An Tánaiste is not complete at this time. It is being prepared by my Department for submission to the Department of Finance.