Leo Varadkar (Dublin West, Fine Gael)
Link to this: Individually | In context

Question 327: To ask the Minister for Enterprise, Trade and Employment if disks, laptops or memory storage devices containing personal information about members of the public have been lost or stolen from his Department; and if he will make a statement on the matter. [5002/08]

Micheál Martin (Cork South Central, Fianna Fail)
Link to this: Individually | In context

My Department's records indicate that, to date, four laptops and three blackberry devices were stolen or lost over the last seven years. I understand that none of these held personal information about members of the public. Of the four laptops reported stolen one was subsequently recovered. While none of the Blackberry devices have been recovered, my Department invoked the facility to automatically wipe all data from the devices as soon as they were reported missing and immediately cancelled the subscription with the service provider.

Last year my Department, with the assistance of an external ICT security expert, conducted a comprehensive review of ICT security across my Department and its Offices. The findings of the report now form a significant part of my Department's new ICT Strategy (2008-2010) which will focus on ensuring continuity of ICT availability including increased security awareness of users, additional process and technological controls and ongoing inclusion of security considerations as part of a project's planning process. The Review took into consideration the balance that is required between ensuring integrity and confidentiality of information and systems on one hand, and availability and usability of information on the other.

The recent growth of electronic storage devices such as those mentioned in the question is a concern for my Department in terms of how it can ensure that sensitive information remains secure. Indeed, the fact of the matter is that many people including staff of my Department would personally own a number of such devices including memory keys, mobile phones, MP3 players and hand-held game consoles. Therefore, my Department is adopting a dual approach by concentrating on both awareness and prevention of any security lapses. An ICT security awareness programme is underway, involving newsletters, workshops and presentations to staff along with reminders of ICT usage policies and regulations. Furthermore, and in light of recent events internationally involving loss of media containing sensitive data, my Department has reviewed the manner in which data is transported within the Department and between the Department and other Public Bodies. A number of changes were made to the processes involved and my Department will continue to implement new procedures and technologies to ensure ongoing improvements in securing sensitive data.