Joan Burton (Dublin West, Labour)
Link to this: Individually | In context | Oireachtas source

The Department takes its responsibilities in relation to data protection very seriously. Every effort is made to ensure that personal customer data is used solely for business purposes and that it is not compromised in any way. The Department has data protection and information security policies, standards, procedures and guidelines in place governing the use of its computer systems and customer data.

It is not appropriate, nor permissible, for customers’ personal data to be disclosed to private investigators acting on behalf of financial institutions. The Department is very aware of the threat posed by those who attempt to illegally elicit personal data.

All allegations of data breaches are fully investigated and the Department cooperates fully with the Office of the Data Protection Commissioner in all its investigations. Data accesses by staff are logged and are subject to audit. In addition, telephone logs are maintained and can be accessed to help aid investigations. The telephone logs give the telephone numbers of callers but not their identities. In the event of an investigation the identity of the caller can be ascertained. 8.1 million telephone calls were answered by the Department in 2014. It would not be feasible or practical to identify all callers.

A range of specific measures are in place to strengthen data protection governance and compliance within the Department.

All members of staff of the Department are regularly reminded of their data protection obligations and the consequences of not adhering to policies such as: pay reductions through loss of increments, loss of entitlement to enter promotional competitions and dismissal. Staff members are required to sign annual undertakings that they have read, and will act in accordance with, data protection policies and guidelines.

A number of alerts have issued to all staff notifying them of bogus calls to the Department and giving information on modus operandi and persona adopted by the bogus callers.

A high-level working group is in place to examine, and progress, all aspects of data protection compliance in the Department.

In June the Department ran its annual Data Protection Awareness Week for staff. Activities this year included a data protection newsletter issuing to all staff; a very effective short video on social engineering was developed and made available to all staff; presentations were made to hundreds of staff nationwide and posters were exhibited in headquarter and local offices drawing attention to the importance of securing customers’ personal data.