Written answers

Wednesday, 24 September 2008

Department of Education and Science

Data Protection

9:00 pm

Photo of John O'MahonyJohn O'Mahony (Mayo, Fine Gael)
Link to this: Individually | In context

Question 1699: To ask the Minister for Education and Science the procedures in place to ensure that personal data stored by his Department is secure. [30128/08]

Photo of Batt O'KeeffeBatt O'Keeffe (Cork North West, Fianna Fail)
Link to this: Individually | In context

The protection of personal data is a fundamental and ongoing aspect of the work of my Department. My Department is committed to protecting personal data and takes all reasonable steps to ensure that the data it holds is protected.

Data protection compliance is part of induction training for all new staff. In addition, 256 members of staff have completed records management training, which includes training in data protection.

A Data Protection Policy, which was approved by the Office of the Data Protection Commission is in place, this has been circulated to all staff and is available to staff for download from our intranet. In June this year, my Department published a Policy for Protection of Data while using Laptops and other Mobile Data Devices and this was circulated to all staff and is available to staff for download from our intranet. My Department is about to commence deploying encryption software for use on laptops and portable storage devices, this will ensure that any data which may be stored on such devices will have a reduced risk of compromise in the event of loss or theft.

Access to offices is restricted to staff working in the area and swipe cards are required to gain access to Department buildings. Access to sections holding sensitive information is further restricted through the use of swipe cards and digital locks. Access to paper files is restricted to staff in the business area, segregation of duties controls are in place along with differing levels of authorisation. Files with particularly sensitive information are stored in a strong room with a digital lock.

My Department's technical network architecture is regularly reviewed in order to seek to ensure continued compliance with changing standards of best practice. Dual firewalls are in place to protect my Department's systems from unauthorised access by outside organisations/individuals. A global "strong password" policy is in place for the network. Access to systems is controlled, in that staff are given access rights to systems based on their job role rather than having access to all systems holding personal data. PCs and servers are securely disposed of in accordance with the Data Protection Acts and the ISO 9001:2000 standard.

My Department is currently participating on a working group which will develop guidelines (including a template code of practice) governing the treatment of sensitive and personal data by public sector organisations, including procedures for the storage, transmission, transportation, exchange and appropriate use and access of personal data (in the areas of paper records, remote access, laptops, mobile storage devices, email, data transfers). My Department will consider any changes required to existing procedures arising from the work of this group.

Photo of John O'MahonyJohn O'Mahony (Mayo, Fine Gael)
Link to this: Individually | In context

Question 1700: To ask the Minister for Education and Science the number of laptop computers, data storage devices and USB memory sticks that have been stolen or lost from his Department in 2007 and to date in 2008; and if he will make a statement on the matter. [30143/08]

Photo of Batt O'KeeffeBatt O'Keeffe (Cork North West, Fianna Fail)
Link to this: Individually | In context

The information requested by the Deputy is as follows:

2007 — 2 laptop computers were stolen and 1 USB memory card was reported lost;

2008 — to date no laptop computers, data storage devices or USB memory sticks were lost or stolen.

Comments

No comments

Log in or join to post a public comment.