John O'Mahony (Mayo, Fine Gael)
Link to this: Individually | In context

Question 210: To ask the Tánaiste and Minister for Enterprise, Trade and Employment the procedures in place to ensure that personal data stored by her Department is secure. [30129/08]

Mary Coughlan (Donegal South West, Fianna Fail)
Link to this: Individually | In context

My Department is very conscious of its obligations under the Data Protection Acts, and adopts a proactive approach to ensuring that personal data stored by it is kept secure. Physical safeguards, a secure ICT infrastructure and staff awareness programmes play a key role in supporting data protection in my Department. Regarding ICT this is a continuous process, involving a combination of appropriately skilled people and the implementation of best-practice processes and technologies. Last year, my Department conducted a comprehensive review of ICT security across the Department and its Offices. The findings of the report now form a significant part of my Department's new ICT Strategy (2008-2010) and a programme of work is currently being undertaken which is designed to deliver ongoing improvements in the security of the Department's ICT systems, thereby minimising the risk of compromising data and/or security breaches. This includes a programme of data protection and security awareness workshops, two of which have already taken place.

There are a total of fourteen Data Controllers who are responsible for all aspects of personal information held in my Department. These appointments are reviewed annually to ensure that all existing and new areas of work within my Department are registered with the Data Protection Commissioner. All induction courses for new staff members include a segment on data protection. In September 2007 all staff in my Department were issued with a Human Resources Management Handbook in hard copy format, which includes a dedicated section concerning the provisions of data protection legislation, and highlighting the obligations and responsibilities for staff in this area. These obligations were reiterated to all staff by way of an Office Notice in November 2007, and data protection awareness continues to be actively promoted on an ongoing basis in my Department.

John O'Mahony (Mayo, Fine Gael)
Link to this: Individually | In context

Question 211: To ask the Tánaiste and Minister for Enterprise, Trade and Employment the number of laptop computers, data storage devices and USB memory sticks that have been stolen or lost from her Department in 2007 and to date in 2008; and if she will make a statement on the matter. [30144/08]

Mary Coughlan (Donegal South West, Fianna Fail)
Link to this: Individually | In context

My Department's records indicate the following:

2007 — One BlackBerry device reported stolen.

2008 to date — One laptop reported stolen, one laptop reported missing, one BlackBerry device reported stolen.

There have been no USB flash drives reported lost or stolen.

My Department invoked the facility to automatically wipe all data from the BlackBerry devices as soon as they were reported missing and immediately cancelled the subscription with the service provider. The two laptops were reported not to contain any sensitive data at the time of their loss.

In a recent case where a laptop containing personal data relevant to my Department was stolen from an official of the Office of the Comptroller and Auditor General, the data in question had been supplied to that Office in encrypted format. However, it was not possible for my Department to retain control over the data once it had been delivered to that Office. The loss has been reported to the Data Protection Commissioner.