Ruairi Quinn (Dublin South East, Labour)
Link to this: Individually | In context

Question 206: To ask the Tánaiste and Minister for Enterprise, Trade and Employment the policies in place to secure portable electronic data devices in her Department; if those policies have been published; if so, the locations where they can be viewed; if a system of whole disk encryption has been rolled out to all laptops in her Department; the date by which she expects a satisfactory security policy on portable electronic data devices to have been implemented; and if she will make a statement on the matter. [32403/08]

Mary Coughlan (Donegal South West, Fianna Fail)
Link to this: Individually | In context

In 2006 my Department published a comprehensive set of IT and Information Systems security polices and standards, covering a wide range of issues including the security of portable electronic devices. These policies are published on my Department's Intranet and are presented to all new entrants to my Department as part of an induction training programme.

One of these policies concerns the implementation of laptop encryption and consequently a project is already well underway within my Department to apply whole disk encryption to all laptops. The majority of existing laptops have already been encrypted and the target is to have all remaining laptops encrypted by year-end. All new laptops are being encrypted before they are issued to officers. In addition encrypted USB flash drives are provided to officers who have a requirement to carry data on such devices and my Department is hoping to introduce centralised USB port control on PCs and laptops in 2009.

Many officers within my Department use Blackberry devices for access to email while out of the office. It is my Department's policy to invoke the facility to remotely erase all data from a BlackBerry device as soon as it is reported missing, and immediately cancel the subscription with the service provider. Last year my Department, conducted a comprehensive review of ICT security across the Department and its Offices. The findings of the report now form a significant part of my Department's new ICT Strategy (2008-2010) which focuses on ensuring continuity of ICT availability including increased security awareness of users, additional process and technological controls and ongoing inclusion of security considerations as part of a project's planning process. This strategy is available on my Department's website.

My Department recognises that ensuring the security of sensitive and personal information is an ongoing process. Accordingly my Department will review and update its policies, procedures and technologies as deemed necessary to ensure continuous improvements in securing such data. A key component of information security is user awareness and so a security awareness programme is currently underway in my Department, involving newsletters, workshops and presentations to staff along with reminders of ICT usage policies and regulations.

Ruairi Quinn (Dublin South East, Labour)
Link to this: Individually | In context

Question 207: To ask the Tánaiste and Minister for Enterprise, Trade and Employment the number of Department owned computer desktops or laptops or other data devices, such as blackberries and memory keys, reported lost, missing or stolen from her Department to date in 2008; the number of same later recovered or found; the number still missing; if sensitive or private data was compromised; and if she will make a statement on the matter. [32418/08]

Mary Coughlan (Donegal South West, Fianna Fail)
Link to this: Individually | In context

My Department's records indicate that to date in 2008 one laptop has been reported stolen, one laptop reported missing and one BlackBerry device reported stolen. None has been recovered or found. There have been no other computers or data devices reported lost, missing or stolen during this period. It is my Department's policy to invoke the facility to remotely erase all data from a BlackBerry device as soon as it is reported missing, and immediately cancel the subscription with the service provider. In the case of the stolen BlackBerry it was not possible to do this locally and the device was disabled by the service provider at my Department's request.

It is also the policy in my Department to encrypt all new laptops before they are issued. A project to encrypt all laptops already issued to officers of my Department is currently underway and should be completed by year-end. The two missing laptops were not encrypted but they were reported not to contain any sensitive or private data at the time of their loss.