Seán Crowe (Dublin South West, Sinn Fein)
Link to this: Individually | In context

Question 47: To ask the Minister for Social Protection if she has met the Data Protection Commissioner to discuss the additional security measures required to accompany the increased computerisation that is being rolled out across her Department; and her plans for same. [21326/11]

Joan Burton (Dublin West, Labour)
Link to this: Individually | In context

The Data Protection Commissioner is fully aware of the Department's investment in technology and how it is prioritising the security of customer information in its latest generation ICT systems. He has this knowledge from his audit of the Department in 2008 and subsequent ongoing progress reports and meetings with my officials. The Department continues to work closely with the Data Protection Commissioner to ensure that its information security standards and protocols reflect the highest international standards, in order to provide assurance to its customers that their personal information is fully protected and processed in a secure manner. My Department administers more than 50 separate social welfare schemes and services. Over one million people each week receive a social welfare payment. The nature and volume of its business means that my Department is heavily dependent on ICT facilities to carry out the bulk of its business and it bears responsibility for a significant amount of personal data.

The Department is fully aware of its obligation to safeguard the security of these data. It employs a wide range of measures to protect the confidentiality, availability and integrity of information. Over the past few years, the Department has undertaken a number of Information Security projects. Examples of the work currently ongoing in this area include the development of a range of information security protocols, the classification and tagging of all personal data held on the Department's information systems and the implementation of an identity and access management framework. In addition, technical work has been carried out on the Department's infrastructures and systems. The Department is also ensuring that higher levels of data protection are built into its latest generation of ICT systems to reflect the increased threats in this area. Considerable resources have also been devoted to increasing the security and monitoring facilities in its older systems.