Peadar Tóibín (Meath West, Aontú)
Link to this: Individually | In context | Oireachtas source

283. To ask the Minister for Rural and Community Development the number of data breaches experienced by her Department in each of the past ten years and to date in 2024; if a breakdown will be provided on the nature of the breaches; and if she will make a statement on the matter. [41740/24]

Heather Humphreys (Cavan-Monaghan, Fine Gael)
Link to this: Individually | In context | Oireachtas source

My Department is committed to protecting the privacy of individuals' data in accordance with our obligations under the General Data Protection Regulation (GDPR).

Where a data breach incident is believed to have occurred, it is notified to the Department’s Data Protection Officer (DPO) for assessment. This assessment by the DPO is carried out in accordance with guidance issued by the Data Protection Commission (DPC), with reporting to the DPC occurring, as required, following that assessment.

Since the establishment of DRCD in 2017, ten incidents have been notified to, and assessed by the DPO. Of these ten incidents, three data breaches required reporting to the DPC. The specific numbers for each year are provided in the table below.

It should be noted that all ten incidents involved instances of information being shared with an incorrect recipient. In the case of each incident, immediate remedial action was undertaken to mitigate negative impacts and measures were put in place to prevent re-occurrence.