Peadar Tóibín (Meath West, Aontú)
Link to this: Individually | In context | Oireachtas source

33. To ask the Taoiseach and Minister for Defence the number of data breaches experienced by his Department in each of the past ten years and to date in 2024; if a breakdown will be provided on the nature of the breaches; and if he will make a statement on the matter. [41729/24]

Micheál Martin (Cork South Central, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

My Department can provide the following information in relation to data breaches over the past ten years (2014 to date). When the General Data Protection Regulation (GDPR) came into force on the 25th of May 2018, my Department was required under Article 33(5) to document information relating to personal data breaches.

The number of data breaches in my Department in each of the past ten years and to date in 2024 are outlined in the table below:-

The majority (71) of the eighty-seven data breach incidents that have occurred in the last ten years, and to date this year, relate to misaddressed correspondence by email and post. Five relate to lost /stolen/misplaced devices, five relate to breaches involving the eTenders, eCorrespondence and eLists functions on the OGCIO platform. The remaining six cases relate to file transfers, access to systems and storage drives, calendar bookings, report viewing and a data breach at a data processor.

My Department takes its data protection responsibilities very seriously and makes every effort to ensure that personal data is safeguarded at all times. Technical and organisational measures, as required under GDPR, are implemented to ensure the security of personal data being processed. Data security and data privacy are central topics of all data protection awareness campaigns rolled out to staff on a regular basis. Also, my Department has a data breach protocol in place for the management of data breach incidents.