Written answers
Tuesday, 1 June 2021
Department of Children, Equality, Disability, Integration and Youth
Data Protection
Seán Sherlock (Cork East, Labour)
Link to this: Individually | In context | Oireachtas source
470. To ask the Minister for Children, Equality, Disability, Integration and Youth the number of data breaches in Tusla in each of the past five years and to date in 2021. [29130/21]
Roderic O'Gorman (Dublin West, Green Party)
Link to this: Individually | In context | Oireachtas source
The General Data Protection Regulation (GDPR) May 2018 requires parties to “document any personal data breaches, comprising the facts relating to the personal data breach”. GDPR came into force across the European Union on 25 May 2018 and Tusla has been collecting the required data. Tusla has advised that information on breaches was not routinely collected in the years prior to the introduction of GDPR. Accordingly, the information requested by the Deputy is not available for the years 2016 and 2017.
Tusla has advised of the following number of data breaches in the years 2018 to date (up to 22 April 2021):
Year | Count |
---|---|
2018 (01/01 – 24/05) | data not available |
2018 (25/05 – 31/12) | 71 |
2019 | 130 |
2020 | 362 |
2021 (01/01 – 22/04) | 109 |
Tusla's work involves the receipt, processing and storage of a large volume of highly sensitive and confidential personal data. The handling and protection of personal data in a safe and responsible way is the responsibility of each staff member in the organisation. Tusla regrets that data breaches can occur and the significant impact they may have on service users who are affected. Tusla has established a dedicated GDPR programme for the Agency, in order to enhance its compliance with GDPR, and to drive improvements across the organisation in this area.
Seán Sherlock (Cork East, Labour)
Link to this: Individually | In context | Oireachtas source
471. To ask the Minister for Children, Equality, Disability, Integration and Youth the steps he will take to ensure the preservation of confidential files maintained by Tusla in view of the recent cyber-attack perpetrated on the HSE and Tusla; and if he will make a statement on the matter. [29131/21]
Roderic O'Gorman (Dublin West, Green Party)
Link to this: Individually | In context | Oireachtas source
As an independent agency, Tusla has responsibility for its own ICT function and has engaged with the HSE, the National Cyber Security Centre (NCSC) and the Gardaí in relation to this incident. My officials and I have been in daily contact with Tusla and our partners in government since being alerted to the attack on the 14th May, to ensure the risks can be mitigated as much as possible and frontline services can be maintained. I will continue to receive updates on this matter as this work progresses.
The Deputy will be aware of Tusla's Data Management Strategy 2019 – 2022. The Strategy includes a a focus on Data Security Management with a view to minimising the risk of inappropriate access to Tusla data. The timescale and processes contained within the strategy will be reviewed in light of the impact on Tusla of the cyber attack on the HSE.
I'd also like to confirm that the High Court injunction obtained by the HSE requiring anyone in possession of stolen data not to disclose or trade in it also applies to data relating to Tusla, the Child and Family.
No comments