Peadar Tóibín (Meath West, Aontú)
Link to this: Individually | In context | Oireachtas source

172. To ask the Tánaiste and Minister for Justice and Equality the number of data breaches experienced by her Department in each of the past ten years and to date in 2024; if a breakdown will be provided on the nature of the breaches; and if she will make a statement on the matter. [41738/24]

Helen McEntee (Meath East, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I can assure the Deputy that my Department is committed to protecting the rights and privacy of all individuals in accordance with the EU General Data Protection Regulation, 2016/679 (GDPR) and the Data Protection Act 2018. My Department complies fully with data breach reporting requirements.

Securing and managing personal data in accordance with the GDPR principles is a priority and is governed by a comprehensive set of policies, procedures and systems. For example, a Data Protection Steering Group operates with senior personnel drawn from across the Department to assist the Management Board and the Data Protection Officer in fulfilling their Data Protection responsibilities.

As the Deputy will appreciate, my Department is a large and growing organisation with over 3,500 staff providing a wide range of public services to hundreds of thousands of people each year, increasingly in digital format and with increasing volumes year on year.

My Department has implemented measures to ensure the security of all personal data and limit risks of unauthorised access. Measures for the protection of personal data are kept under review and upgraded where appropriate.

Furthermore, all staff are required to undergo data protection training in order to ensure compliance with statutory obligations.

The obligation to notify the Data Protection Commission of a personal data breach, and for the Department to maintain a register of all personal data breaches came into effect in May 2018. As a result, detailed information predating that requirement is not available but my Department recorded six breaches for the years 2017 and 2018.

The information requested by the Deputy from the introduction of the GDPR in May 2018 to date is set out in the table below.