Written answers

Tuesday, 1 June 2021

Department of Children, Equality, Disability, Integration and Youth

Data Protection

Photo of Seán SherlockSeán Sherlock (Cork East, Labour)
Link to this: Individually | In context | Oireachtas source

470. To ask the Minister for Children, Equality, Disability, Integration and Youth the number of data breaches in Tusla in each of the past five years and to date in 2021. [29130/21]

Photo of Roderic O'GormanRoderic O'Gorman (Dublin West, Green Party)
Link to this: Individually | In context | Oireachtas source

The General Data Protection Regulation (GDPR) May 2018 requires parties to “document any personal data breaches, comprising the facts relating to the personal data breach”. GDPR came into force across the European Union on 25 May 2018 and Tusla has been collecting the required data. Tusla has advised that information on breaches was not routinely collected in the years prior to the introduction of GDPR. Accordingly, the information requested by the Deputy is not available for the years 2016 and 2017.

Tusla has advised of the following number of data breaches in the years 2018 to date (up to 22 April 2021):

Year Count
2018 (01/01 – 24/05) data not available
2018 (25/05 – 31/12) 71
2019 130
2020 362
2021 (01/01 – 22/04) 109

Tusla's work involves the receipt, processing and storage of a large volume of highly sensitive and confidential personal data. The handling and protection of personal data in a safe and responsible way is the responsibility of each staff member in the organisation. Tusla regrets that data breaches can occur and the significant impact they may have on service users who are affected. Tusla has established a dedicated GDPR programme for the Agency, in order to enhance its compliance with GDPR, and to drive improvements across the organisation in this area.

Photo of Seán SherlockSeán Sherlock (Cork East, Labour)
Link to this: Individually | In context | Oireachtas source

471. To ask the Minister for Children, Equality, Disability, Integration and Youth the steps he will take to ensure the preservation of confidential files maintained by Tusla in view of the recent cyber-attack perpetrated on the HSE and Tusla; and if he will make a statement on the matter. [29131/21]

Photo of Roderic O'GormanRoderic O'Gorman (Dublin West, Green Party)
Link to this: Individually | In context | Oireachtas source

As an independent agency, Tusla has responsibility for its own ICT function and has engaged with the HSE, the National Cyber Security Centre (NCSC) and the Gardaí in relation to this incident. My officials and I have been in daily contact with Tusla and our partners in government since being alerted to the attack on the 14th May, to ensure the risks can be mitigated as much as possible and frontline services can be maintained. I will continue to receive updates on this matter as this work progresses.

The Deputy will be aware of Tusla's Data Management Strategy 2019 – 2022. The Strategy includes a a focus on Data Security Management with a view to minimising the risk of inappropriate access to Tusla data. The timescale and processes contained within the strategy will be reviewed in light of the impact on Tusla of the cyber attack on the HSE

I'd also like to confirm that the High Court injunction obtained by the HSE requiring anyone in possession of stolen data not to disclose or trade in it also applies to data relating to Tusla, the Child and Family.

Comments

No comments

Log in or join to post a public comment.