Written answers
Tuesday, 29 June 2021
Department of Health
Data Protection
Fergus O'Dowd (Louth, Fine Gael)
Link to this: Individually | In context | Oireachtas source
533. To ask the Minister for Health if his Department is fully compliant with GDPR EU requirements and the EU network and Information Security Directive and standards with respect to his Department’s IT infrastructure including article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 annex 9 standards on privileged access are fully met; and if he will make a statement on the matter. [27302/21]
Stephen Donnelly (Wicklow, Fianna Fail)
Link to this: Individually | In context | Oireachtas source
My Department is committed to protecting the rights and privacy of data subjects and adhering to obligations under data protection legislation. The Department of Health processes personal data to carry out the tasks required for the performance of its functions and to comply with certain legal obligations, and may receive personal data, including health data, directly from members of the public and from elected representatives seeking information or a service.
Improved IT security measures have already been put in place within my Department. A complete security review of the infrastructure is being finalised to confirm access controls and specialised software has been installed to mitigate against malicious software.
My Department continues to liaise closely with our security partner, the Office of the Government Chief Information Officer and the National Cyber Security Centre to ensure conformity with standards, and that best practice is followed in relation to all aspects of Cybersecurity.
Fergus O'Dowd (Louth, Fine Gael)
Link to this: Individually | In context | Oireachtas source
534. To ask the Minister for Health if the HSE IT systems are fully compliant with GDPR EU requirements and the EU network and Information Security Directive and the standards with respect to the HSE IT infrastructure including article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 annex 9 standards on privileged access are fully met; and if he will make a statement on the matter. [27303/21]
Stephen Donnelly (Wicklow, Fianna Fail)
Link to this: Individually | In context | Oireachtas source
As this Parliamentary Question relates to an operational issue, it is a matter for the HSE. However, members of the Oireachtas are advised that the HSE is currently unable to access the information to answer Parliamentary Questions due to the recent cyber-attack, which has required a temporary shut-down of HSE IT systems. The disruption to service is on-going, and the HSE is working hard to restore its IT capacity and resume normal services. Members of the Oireachtas will be advised as soon as the HSE is again in a position to provide responses to PQs and are encouraged to resubmit their Parliamentary Questions at that point.
No comments