Peadar Tóibín (Meath West, Aontú)
Link to this: Individually | In context | Oireachtas source

438. To ask the Tánaiste and Minister for Justice and Equality the number of data breaches experienced by her Department in each of the past ten years and to date in 2023. [42370/23]

Helen McEntee (Meath East, Fine Gael)
Link to this: Individually | In context | Oireachtas source

My Department is committed to protecting the rights and privacy of all individuals in accordance with the EU General Data Protection Regulation, 2016/679 (GDPR) and the Data Protection Act 2018. My Department complies fully with data breach reporting requirements.

Securing and managing personal data in accordance with the GDPR principles is a priority and is governed by a comprehensive set of policies, procedures and systems. For example, a Department Data Protection Steering Group operates with membership of senior personnel from across the Department to assist the Management Board and the Data Protection Officer in fulfilling their Data Protection responsibilities.

My Department has implemented appropriate measures to ensure that all data held under its control is secure and is not at risk from unauthorised access. Measures for the protection of personal data are reviewed and upgraded where appropriate, on an ongoing basis.

Further, all staff are required to undergo data protection training in order to ensure that my Department is compliant with obligations to protect all personal data processed.

Personal data breach numbers recorded by my Department in each of the years 2017–2023 is provided in the table below.

The obligation to notify the Data Protection Commission of a personal data breach, and for the Department to maintain a register of all personal data breaches, only exists since the GDPR came into effect in May 2018. As a result, information predating that requirement is not available extending back 10 years.