Lucinda Creighton (Dublin South East, Fine Gael)
Link to this: Individually | In context

Question 205: To ask the Tánaiste and Minister for Enterprise, Trade and Employment the measures or policies that have been implemented to prevent loss of private data from laptops, blackberries and other hand-held devices in her Department; if she is satisfied that all personal information held within her Department is secure; and if she will make a statement on the matter. [35669/08]

Mary Coughlan (Donegal South West, Fianna Fail)
Link to this: Individually | In context

My Department is very conscious of its obligations under the Data Protection Acts, and adopts a proactive approach to ensuring that personal data stored by it is kept secure. Physical safeguards, a secure ICT infrastructure and staff awareness programmes all play a role in supporting data protection in my Department. Regarding ICT this is a continuous process, involving a combination of appropriately skilled people and the implementation of best-practice processes and technologies. Last year, my Department with the assistance of external ICT security experts, conducted a comprehensive review of ICT security across the Department and its Offices. The findings of the report now form a significant part of my Department's new ICT Strategy (2008-2010) and a programme of work is currently being undertaken which is designed to deliver ongoing improvements in the security of the Department's ICT systems, thereby minimizing the risk of compromising data and/or security breaches.

In relation to laptops, a project is well under way within my Department to apply whole disk encryption to all laptops. The majority of existing laptops have already been encrypted and the target is to have all remaining laptops encrypted by year-end. All new laptops are being encrypted before they are issued to officers. In addition encrypted USB flash drives are provided to officers who have a requirement to carry personal data on such devices and my Department is hoping to introduce centralised USB port control on PCs and laptops in 2009.

Many officers within my Department use Blackberry devices for access to email while out of the office. My Department is applying centralised security policies to such devices, including password enforcement and the remote erasure of all data from the BlackBerry in the event that it is reported missing.

A key component of information security is user awareness and so a security and data protection awareness programme is currently underway in my Department. All induction courses for new staff members include segments on information security and data protection. In September 2007 all staff in my Department were issued with a Human Resources Management Handbook in hard copy format, which includes a dedicated section concerning the provisions of data protection legislation, and highlighting the obligations and responsibilities for staff in this area. These obligations were reiterated to all staff by way of an Office Notice in November 2007.

A programme of data protection and security awareness workshops is also under way. The workshops are facilitated by experts in the field who, prior to the workshop, examine the business units involved in terms of information security and data protection.