Written answers
Tuesday, 17 October 2023
Department of Communications, Climate Action and Environment
Data Protection
Peadar Tóibín (Meath West, Aontú)
Link to this: Individually | In context | Oireachtas source
112. To ask the Minister for Communications, Climate Action and Environment further to Parliamentary Question No. 154 of 3 October 2023, if he will provide detail on the nature of the data breaches suffered by his Department; the severity of the breaches; if all individuals whose information was compromised were notified of the breach; if the Data Protection Commission was notified of all data breaches; and if he will make a statement on the matter. [45334/23]
Eamon Ryan (Dublin Bay South, Green Party)
Link to this: Individually | In context | Oireachtas source
My Department has a full suite of policies and procedures in place relating to data protection, as required by legislation, including a data breach policy. My Department's Data Protection Officer oversees robust training to all staff and engages in regular data protection awareness-raising campaigns. The information on data breaches requested by the Deputy is set out in the table beneath:
| Year | No. of Recorded Personal Data Breaches (up to 16 October 2023) | Nature of Breaches | Severity of Breaches | All Individuals Informed | DPC Informed Yes/No |
|---|---|---|---|---|---|
| 2023 | 19 | Lost/Stolen Device – 8 Confidentiality Breach (unintentional publication or sharing of personal data - 11 | Low Risk – 17Medium Risk -1 High Risk - 1 | Yes (Where a breach is likely to result in a high risk to the affected individuals) | DPC informed of one high risk and one medium risk cases only. |
| 2022 | 5 | Lost/Stolen Device – 2 Confidentiality Breach (unintentional publication or sharing of personal data -3 | Low Risk - 5 | N/A | No – All low risk breaches. |
| 2021 | 6 | Confidentiality Breach (unintentional publication or sharing of personal data – 5 Cyber Attack - 1 | Low Risk – 6 | N/A | No – All low risk breaches. |
| 2020 | 0 | N/A | N/A | N/A | N/A |
| 2019 | 1 | Confidentiality Breach (unintentional publication or sharing of personal data – 1 | Low Risk - 1 | N/A | No - low risk breach. |
| 2018 | 4 | Confidentiality Breach (unintentional publication or sharing of personal data) – 3 Ransomware Attack - 1 | Low Risk – 3High Risk - 1 | Yes (Where a breach is likely to result in a high risk to the affected individuals) | Yes – in the High Risk case. |
| 2013 - 2017 | 0 | N/A | N/A | N/A | N/A |
No comments