Peadar Tóibín (Meath West, Aontú)
Link to this: Individually | In context | Oireachtas source

78. To ask the Minister for Finance the number of data breaches experienced by his Department in each of the past ten years and to date in 2024; if a breakdown will be provided on the nature of the breaches; and if he will make a statement on the matter. [41733/24]

Jack Chambers (Dublin West, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

My Department documents any personal data breaches that have occurred in the Department in accordance with its obligations under Article 33(5) of the General Data Protection Regulation (GDPR).

According to records in my Department, there were no data breaches on the part of the Department between 2013 and 2018. The table below provides the number of data breaches by year since the introduction of the GDPR on 25 May 2018 to date.

The Deputy should note that my Department has a data breach management policy in place to ensure that any data breaches are dealt with as required under Articles 33-34 of the General Data Protection Regulation (GDPR). For operational security reasons, my Department is not in a position to provide any details of its cyber security systems, as it would be inappropriate to disclose information that may in any way assist those with malicious intent.

I am informed that the nature of data breaches which have been identified since 2018 in my Department fall into three broad categories: accidental exposure of personal data to unauthorised persons; the loss or theft of IT equipment; and personal data shared in error with unintended recipients. Of those breaches, only a small portion (six) warranted formal notification to the Data Protection Commissioner, and these were fully resolved. Immediate follow-up action was taken by my Department in respect of all of the breaches and I understand that in some cases that data subjects were informed out of courtesy despite there being no or low risk to them.