Written answers
Wednesday, 16 October 2024
Department of Culture, Heritage and the Gaeltacht
Data Protection
Peadar Tóibín (Meath West, Aontú)
Link to this: Individually | In context | Oireachtas source
136. To ask the Minister for Culture, Heritage and the Gaeltacht the number of data breaches experienced by her Department in each of the past ten years and to date in 2024; if a breakdown will be provided on the nature of the breaches; and if she will make a statement on the matter. [41743/24]
Catherine Martin (Dublin Rathdown, Green Party)
Link to this: Individually | In context | Oireachtas source
I refer the Deputy to my reply to his question (PQ 45345/23, Dáil Number 297), which provides the details requested since the formation of my Department in it's current configuration in September 2020 up to 3 October 2023. The table below provides the additional information being sought since my previous reply in the same format.
I am advised that all of the additional breaches listed were deemed to be of zero or low risk, and were therefore not required to be notified to the affected data subjects or the Data Protection Commission in accordance with the Data Protection Commission Guidance on Breach Notifications, which is available at the link below.
www.dataprotection.ie/sites/default/files/uploads/2019-08/190812%20GDPR%20Breach%20Notification%20Quick%20Guide.pdf
| Year | Detail on nature of breaches | Severity of Breach | Have individuals been notified? | Was Breach reported to the Data Protection Commission? |
|---|---|---|---|---|
| 2024 | A determination of a reasonable accommodation request was accidentally copied in the wrong employee’s name by email. | Zero risk | N/A | N/A |
| An email was incorrectly sent to a member of the public which contained personal information in relation to a recipient of funding. | Low risk | N/A | N/A | |
| An incorrect name was included in the Irish language section on two of the three warrants of appointment for the National Gallery. The incorrect name was one the other selected members. | Zero risk | N/A | N/A | |
| A press release was issued to a recipient list (internal, County Councils and Government Departments) via email without using the bcc function. | Low risk | N/A | N/A | |
| A laptop, which was fully encrypted, was lost on a flight. It was subsequently recovered unaltered and without being accessed. | Zero risk | N/A | N/A | |
| An eProbation suitability sign-off email sent from NSSO was sent in error to the incorrect recipient within the Department from HR. | Zero risk | N/A | N/A | |
| 2023 | A payslip of a third party working with my Department was emailed to the Department's HR Unit in error. | Zero risk | N/A | N/A |
| A laptop, which was fully encrypted, was lost at an airport. It was subsequently recovered unaltered and without being accessed. | Zero risk | N/A | N/A | |
| An email issued to incorrect recipient in my Department, containing personal data of a third party. | Zero risk | N/A | N/A |
No comments