Réada Cronin (Kildare North, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

482. To ask the Minister for Children, Equality, Disability, Integration and Youth the date when Tusla began to transfer its files to digital format; the number of files on children and families that are held digitally; the date of advertising for the role of a national digital security director or equivalent and the subsequent filling of same; the date of advertising for a national data security director or equivalent and the subsequent filling of same; the number of other digital security and data managers that have been deemed necessary in the management of this sensitive information; when these posts were advertised and filled; the number who have been appointed to date; the number who are currently in situ in relation the digital files of Tusla given the extreme sensitivity of the information Tusla holds on children and families; and if he will make a statement on the matter. [29823/21]

Roderic O'Gorman (Dublin West, Green Party)
Link to this: Individually | In context | Oireachtas source

The Tusla Data Management Strategy 2019 – 2022, published on its website, sets out a comprehensive vision for data management and an ambitious road map for the development, promotion and adoption of excellence in Data Management across the Agency. On establishment, Tusla inherited services that operated in environments with limited data maturity and has worked since establishment to improve data security. It is not possible at this point to identify the number of digital files held by Tusla on children and their families.

Tusla has advised that Tusla Recruit has successfully hired the following employees through bespoke campaigns for the ICT Department:

- A Director of ICT was appointed in 2017;

- 4 Senior Manager roles (General Manager grade) have since been appointed:

- Applications and Software Development Manager;

- Data and Business Intelligence Manager;

- ICT Infrastructure Manager;

- Service Delivery Manager.

- A General Manager ICT, with responsibility for security Policy & Compliance was appointed in 2021.

- All of the positions have security as part of their specific role.

Tusla has also advised that following the establishment of Tusla ICT, the Agency has engaged an external ICT Security Partner.  This is also supplemented with contract security specialists.

Réada Cronin (Kildare North, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

483. To ask the Minister for Children, Equality, Disability, Integration and Youth the number of Tusla employees who are still using HSE email addresses; the reason the roles are carried out by these staff; and if he will make a statement on the matter. [29824/21]

Réada Cronin (Kildare North, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

484. To ask the Minister for Children, Equality, Disability, Integration and Youth the reason seven years after its establishment, Tusla is still not fully decoupled from the HSE; if achieving this decoupling is a priority for his Department; his views on whether the process has been too slow; the date for decoupling to be achieved; and if he will make a statement on the matter. [29825/21]

Réada Cronin (Kildare North, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

485. To ask the Minister for Children, Equality, Disability, Integration and Youth his views on whether the ongoing connection of the Tusla and the HSE systems has put the acutely sensitive data on children and families at unnecessary risk; and if he will make a statement on the matter. [29826/21]

Roderic O'Gorman (Dublin West, Green Party)
Link to this: Individually | In context | Oireachtas source

I propose to take Questions Nos. 483, 484 and 485 together.

Tusla was established in 2014 with a challenging remit to bring 19 unique and separate services under one Agency. All Tusla staff have an @tusla email address, the majority of which are hosted on the HSE network under a memorandum of understanding between Tusla and the HSE.

The Deputy will be aware of the Agency’s Data Management Strategy 2019 – 2022 under which, Tusla has been working to migrate all Tusla data sources to environments under the control of Tusla ICT by Q4 2022, thereby addressing the legacy arrangement by which much of Tusla’s electronic data sources were managed and supported by the HSE. 

I am satisfied with Tusla's progress in the development of its ICT and the approach outlined in its Data Management Strategy. The timescale and processes contained within the strategy will be reviewed in light of the impact on Tusla of the cyber attack on the HSE. The Agency is supportive of government strategy for use of shared services and will continue to avail of corporate support services provided by the HSE where appropriate.

The criminal activity associated with the ransomware attack on HSE servers is a risk for all businesses, government departments and state bodies, and is not unique to the HSE. Tusla is committed to ensuring best practice is followed as it relates to all aspects of Cybersecurity in order to protect the security of all data it holds.

Réada Cronin (Kildare North, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

486. To ask the Minister for Children, Equality, Disability, Integration and Youth if the HSE or Tusla is responsible for the holding and security of the data held given the interconnectedness of Tusla and the HSE, seven years after the establishment of Tusla; and if he will make a statement on the matter. [29827/21]

Roderic O'Gorman (Dublin West, Green Party)
Link to this: Individually | In context | Oireachtas source

Many of Tusla systems are hosted on the HSE Network under an Memorandum Of Understanding established in 2014 to provide corporate capacity and capability across a range of shared services. The HSE provide ICT services including responsibility for the security of the hosted environment. Tusla is a data controller and processor under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The HSE is a data processor on behalf of Tusla and a data processing agreement is in place.