Ciarán Lynch (Cork South Central, Labour)
Link to this: Individually | In context

Question 120: To ask the Minister for Finance if he will introduce legislation as a matter of urgency to ensure that Irish banks are compelled to come clean about security breaches in relation to personal data as soon as they become apparent; and if he will make a statement on the matter. [21955/08]

Brian Lenihan Jnr (Dublin West, Fianna Fail)
Link to this: Individually | In context

I should first explain that legislative and policy responsibility for data protection is a matter for my colleague, the Minister for Justice, Equality and Law Reform. Also, enforcement of data protection legislation is the responsibility of the Data Protection Commissioner. As Minister for Finance, I have, therefore, no statutory function in relation to the matter raised by the Deputy in his question. Hence, pending consideration of this matter by the relevant Minister it would not be appropriate for me to make any substantive comment as to the case for legislation to compel holders of personal data which, the Deputy will appreciate, involves far more entities than simply banks, to disclose security breaches.

This issue does however serve to highlight once again the absolute necessity for all organisations in the public and private sector to take their data protection responsibilities seriously. In particular, all organisations should have appropriate security measures in place to protect the personal data for which they have responsibility including as necessary any portable devices on which personal data may be stored. If a need is found, appropriate security measures such as encryption should be put in place immediately.

As far as the financial sector in particular is concerned, as the Deputy may be aware the Financial Regulator has recently stressed the requirement for financial institutions to comply with all aspects of the law and regulatory requirements including in relation to compliance with Data Protection Regulations. The Financial Regulator and the Data Protection Commissioner have confirmed that they are co-operating in respect of any specific issues relating to confidential personal information held by financial institutions.