The Department of Social and Family Affairs today (31st July 2008) published on its website the Report from the Data Protection Commissioner following his audit of the Department earlier this year. The Data Protection Commissioner’s audit focussed on the measures in place to protect the security of the personal data of customers of the Department and the extent of data-sharing in the broader public service using the Personal Public Service Number (PPSN) as an identifier.
The 37 page report lists a series of recommendations which the Department has responded to in detail covering access management, security, data sharing and data protection policies.
The Department of Social and Family Affairs (DSFA) holds extensive personal information about its customers in order to conduct its day to day business and to pay entitlements and provide a range of services over people’s lifespan. The Department takes its responsibilities to protect this information very seriously and has, for some time, been engaged in a broad programme of work to enhance the effectiveness of its information security controls.
The Department welcomes the Commissioner’s acknowledgement of the strong organisational awareness at senior management level of data protection principles and the desire to follow through on this at an operational level. The Commissioner’s Report highlights specific issues of concern and a number of areas which should be strengthened. The Department is fully committed to addressing the issues raised. The Commissioner also recognises that there are challenges in this respect for an organisation as large and diverse as DSFA. Some improvements have already been implemented while others will be incorporated into the Department’s wider information security works programme.
The Department acknowledges the concern that there have been a small number of breaches of data security in recent years. The Department can assure the public that it treats any unauthorised access to or disclosure of personal data to be an extremely serious offence. All civil servants are subject to the Official Secrets Act as well as Departmental data protection policies. All allegations of breaches are fully investigated and any staff member found to have breached the Department’s data protection policies and procedures is subject to the highest disciplinary sanction, up to and including dismissal. The Department liaises closely with the Office of the Data Protection Commissioner in that regard.
The Department wishes to thank the ODPC and the Audit Team for their professionalism and advice and welcomes the contribution that the Commissioner’s Report will make to enhance the effectiveness of its information security programme. While recognising need for improvement, the Department wishes to emphasise that it is fully committed to implementing the highest standards of data protection in respect of the information entrusted to it.
The Department is making the Report available on its website (
http://www.welfare.ie/) for information purposes. The Department’s own data protection policy is available on the website also.