Joe Costello (Dublin Central, Labour)
Link to this: Individually | In context

Question 290: To ask the Minister for Health and Children the reason blood donors records were being transported in the public arena by a staff member of the New York blood centre without security on a New York street; the steps being taken to prevent such records being stolen in future; the steps being taken to allay donors' fears; and if she will make a statement on the matter. [9184/08]

Mary Harney (Dublin Mid West, Progressive Democrats)
Link to this: Individually | In context

The Irish Blood Transfusion Service (IBTS) entered into an Agreement with the New York Blood Centre Inc (NYBC) for the provision of a data query tool on 23 October 2007. The purpose of the data warehousing and reporting tool is to improve the existing IBTS blood banking system computer system, Progesa in order to provide a better service to its donors and clients. Under the terms of that agreement, the IBTS exported data on CD from its Progesa system. The data was encrypted using a 256 bit key encryption, prior to export on a CD.

The IBTS is very conscious of its obligations under the Data Protection Acts to take appropriate security measures against unauthorised access to, or unauthorised alteration, disclosure or destruction of data. In this instance, the IBTS is confident that it has complied with these obligations by virtue of the robust security measures which have been taken by the Service and NYBC and considers that the risk of any person being in a position to bypass password controls and decrypt the data is extremely remote. The IBTS informed the Data Protection Commissioner as quickly as possible of the details of the case and the Commissioner has been in regular contact with the IBTS on the matter. The Commissioner has noted publicly that the IBTS had a legitimate reason to send the data out of the country, that it had taken its responsibilities to donors and clients seriously and that the information had been securely encrypted.

The IBTS has written to each donor affected to reassure them and to advise them of the possibility, however remote, that their personal data might be accessed. An information line has been set up for anyone with concerns.