Written answers

Wednesday, 5 March 2008

Department of Health and Children

Irish Blood Transfusion Service

9:00 pm

Photo of Michael D HigginsMichael D Higgins (Galway West, Labour)
Link to this: Individually | In context

Question 107: To ask the Minister for Health and Children if she has received a report from the Irish Blood Transfusion Service on the reason it allowed data on donors to be sent out of Ireland without the permission of those donors; and if she will make a statement on the matter. [9298/08]

Photo of Ciarán LynchCiarán Lynch (Cork South Central, Labour)
Link to this: Individually | In context

Question 141: To ask the Minister for Health and Children the information she has on the number of donors whose data was sent to the US and subsequently stolen; the part of Ireland these donors were from; and if she will make a statement on the matter. [9299/08]

Photo of Mary HarneyMary Harney (Dublin Mid West, Progressive Democrats)
Link to this: Individually | In context

I propose to take Questions Nos. 107 and 141 together.

My officials have been in regular contact with the Irish Blood Transfusion Service (IBTS) on this matter and I have been briefed accordingly. The IBTS entered into an Agreement with the New York Blood Centre Inc (NYBC) for the provision of a data query tool on 23 October 2007. The purpose of the data warehousing and reporting tool is to improve the existing IBTS blood banking system computer system, Progesa in order to provide a better service to its donors and clients. Under the terms of that agreement, the IBTS exported data on CD from its Progesa system. The data was encrypted using a 256 bit key encryption, prior to export on a CD.

The IBTS is very conscious of its obligations under the Data Protection Acts to take appropriate security measures against unauthorised access to, or unauthorised alteration, disclosure or destruction of data. In this instance, the IBTS is confident that it has complied with these obligations by virtue of the robust security measures which have been taken by the IBTS and NYBC and consider that the risk of any person being in a position to bypass password controls and decrypt the data is extremely remote. The IBTS informed the Data Protection Commissioner as quickly as possible of the details of the case and the Commissioner has been in regular contact with the IBTS on the matter. The Commissioner has noted publicly that the IBTS had a legitimate reason to send the data out of the country, that it had taken its responsibilities to donors and clients seriously and that the information had been securely encrypted.

The Data Protection Acts specifically exclude disclosure to employees or agents. It was agreed between the parties that the NYBC would act as an agent of the IBTS for the purposes of the agreement. Therefore as an agent of the IBTS, the disclosure of personal data to the NYBC does not constitute disclosure within the meaning of the Acts. At no time were these records ever unencrypted and the IBTS will continue to take every measure to protect the personal records of donors.

The IBTS has contacted all 171,324 donors affected directly to assure them that the data was protected by state of the art encryption. They have provided an information line to donors who were concerned about the data loss and since this matter became public, the IBTS has dealt with over 3,000 calls as well as many letters and emails from concerned donors. These donors were from all over the country.

Comments

No comments

Log in or join to post a public comment.