Lucinda Creighton (Dublin South East, Fine Gael)
Link to this: Individually | In context

Question 596: To ask the Minister for Education and Science the measures or policies that have been implemented to prevent loss of private data from laptops, blackberries and other hand-held devices in his Department; if he is satisfied that all personal information held within his Department is secure; and if he will make a statement on the matter. [35668/08]

Batt O'Keeffe (Cork North West, Fianna Fail)
Link to this: Individually | In context

My Department is committed to protecting personal data and takes all reasonable steps to ensure that the data it holds is protected.

Data protection compliance is part of induction training for all new staff. In addition, 256 members of staff have completed records management training, which includes training in data protection.

A Data Protection Policy, which was approved by the Office of the Data Protection Commission is in place, this has been circulated to all staff and is available to staff for download from our intranet. In June this year, my Department published a Policy for Protection of Data while using Laptops and other Mobile Data Devices and this was circulated to all staff and is available to staff for download from our intranet.

Access to offices is restricted to staff working in the area and swipe cards are required to gain access to Department buildings. Access to sections holding sensitive information is further restricted through the use of swipe cards and digital locks.

Access to paper files is restricted to staff in the business area, segregation of duties controls are in place along with differing levels of authorisation. Files with particularly sensitive information are stored in a strong room with a digital lock.

My Department's technical network architecture is regularly reviewed in order to seek to ensure continued compliance with changing standards of best practice. Dual firewalls are in place to protect my Department's systems from unauthorised access by outside organisations/individuals. A global "strong password" policy is in place for the network. Access to systems is controlled in that staff are given access rights to systems based on their job role rather than having access to all systems holding personal data. PCs and servers are securely disposed of in accordance with the Data Protection Acts and the ISO 9001:2000 standard.

On 24th October, my Department will begin the pilot phase of a project to deploy encryption software for use on laptops and portable storage devices; this will ensure that any data which may be stored on such devices will have a reduced risk of compromise in the event of loss or theft.

My Department is currently participating on a working group which will develop guidelines (including a template code of practice) governing the treatment of sensitive and personal data by public sector organisations, including procedures for the storage, transmission, transportation, exchange and appropriate use and access of personal data (in the areas of paper records, remote access, laptops, mobile storage devices, email, data transfers). My Department will consider any changes required to existing procedures arising from the work of this group.