Peadar Tóibín (Meath West, Aontú)
Link to this: Individually | In context | Oireachtas source

228. To ask the Minister for Health the number of data breaches experienced by his Department in each of the past ten years and to date in 2024; if a breakdown will be provided on the nature of the breaches; and if he will make a statement on the matter. [41736/24]

Stephen Donnelly (Wicklow, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

My Department is committed to protecting the rights and privacy of data subjects and adhering to obligations as a data controller under data protection legislation. 

The Department deals with personal data breaches in line with the Department of Health’s Data Breach Management Policy.  All personal data breaches are assessed on a case-by-case basis.  Once a potential breach has been detected and secured, a risk assessment is undertaken to determine the risk to the rights and freedoms of the affected data subjects.  Under the GDPR, the Department must notify personal data breaches to the DPC unless it is unlikely to result in a risk to data subjects.  Where a breach is likely to result in a high risk to data subjects, the Department must also inform those individuals without undue delay.  All incidents are logged and reviewed to prevent a similar breach from reoccurring.

The table below sets out the number of personal data breaches logged by my Department since the introduction of the General Data Protection Regulation (GDPR) in 2018 to date.