Peadar Tóibín (Meath West, Aontú)
Link to this: Individually | In context | Oireachtas source

478. To ask the Minister for Children, Equality, Disability, Integration and Youth further to Parliamentary Question No. 532 of 3 October 2023, if he will provide detail on the nature of the data breaches suffered by his Department; the severity of the breaches; if all individuals whose information was compromised were notified of the breach; if the Data Protection Commission was notified of all data breaches; and if he will make a statement on the matter. [45330/23]

Roderic O'Gorman (Dublin West, Green Party)
Link to this: Individually | In context | Oireachtas source

My Department processes any personal data breaches that occur in accordance with its obligations under the GDPR including reporting requirements to the Data Protection Commission and communication with affected individuals in relation to a breach of their data, as appropriate.

The Department has an internal personal data breach reporting protocol. All breaches must be formally notified to the Department’s Data Protection Officer for assessment.

The majority of the breaches that occurred in my Department in the period 2017 – 2023 were as a result of administrative error. These were generally where an email was sent to an incorrect recipient, where an intended recipient incorrectly received data as part of an email attachment, or where an intended recipient inadvertently had sight of the full email recipient list.

The table below provides the details on the number of data breaches recorded in my Department, the numbers which were reported to the Data Protection Commission and the number of instances where communication with individuals took place. In instances where data breaches were not reported to the Data Protection Commission, the breach was deemed to comprise no risk to the individual. In relation to communicating with individuals, the Department as a data controller is obliged to notify an individual of a personal data breach where the breach is likely to result in a high risk to the rights and freedoms of the individual.