Aengus Ó Snodaigh (Dublin South Central, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

179. To ask the Tánaiste and Minister for Social Protection the additional safeguards she has in place in her Department to safeguard against the illegal elicitation of personal data, in the wake of the recent revelations that a rogue private investigator is suspected of using illegal tactics to obtain data belonging to hundreds of credit union customers from officials in her Department. [30909/15]

Joan Burton (Dublin West, Labour)
Link to this: Individually | In context | Oireachtas source

The Department takes its responsibilities in relation to data protection very seriously. Every effort is made to ensure that personal customer data is used solely for business purposes and that it is not compromised in any way. The Department has data protection and information security policies, standards, procedures and guidelines in place governing the use of its computer systems and customer data.

The Department is very aware of the threat posed by all forms of bogus callers, including those that could be described as rogue Private Investigators and others who utilise social engineering to attempt to illegally elicit personal data. A range of specific measures are in place to strengthen data protection governance and compliance within the Department.

All members of staff of the Department are regularly reminded of their data protection obligations and the consequences of not adhering to policies such as loss of increment, loss of entitlement to enter promotional competitions and dismissal. Staff members are required to sign annual undertakings that they have read, and will act in accordance with, data protection policies and guidelines.

A number of alerts have issued to all staff notifying them of bogus calls to the Department and giving information on modus operandi and persona adopted by the bogus callers.

A high-level working group is in place to examine, and progress, all aspects of data protection compliance in the Department.

In June the Department ran its annual Data Protection Awareness Week for staff. Activities this year included a very effective short video on social engineering which was developed in-house and made available to all staff; a data protection newsletter issued to all staff; presentations were made to hundreds of staff nationwide which included a section on ‘blagging’ and posters were exhibited in headquarter and local offices drawing attention to the importance of securing customers’ personal data.

Oversight is maintained by logging data accesses which are subject to audit. All allegations of data breaches are fully investigated and the Department cooperates fully with the Office of the Data Protection Commissioner in all its investigations.