Data Protection Commissioner Billy Hawkes has issued a stark warning about the dangers of Irish public bodies suffering the same embarrassment as their counterparts in the UK, where disks containing the personal data of 25 million people have gone missing.
Mr Hawkes said he had serious concerns about the levels of data security in some public bodies that handle large amounts of information about citizens. He hoped the breach of data security in the UK would be a "wake-up call" for Ministers and for Irish bodies that need to improve their standards.
Warning of the dangers of individuals in public-sector bodies leaking private information, Mr Hawkes pointed out that there was clear evidence of this happening in the Department of Social and Family Affairs, where information about people had been passed to insurance companies. For this reason, the department's data protection procedures were currently being audited. "We've been warning for years about the danger of information about us previously held in silos in the public sector being brought together in centralised databases and accessible to large numbers of public servants," Mr Hawkes told RTÉ Radio's News at One programme.
While there was a case for strengthening data protection laws, the key challenge was to focus on the responsibility of organisations to guard private information safely, he said. Organisations could not allow the focus to be shifted to individuals, because mistakes would always be made.
The situation in Britain should be of concern to everyone in Ireland, he continued, because similar amounts of information were held in government departments here. He stressed the need for organisations to keep their IT systems up to date and to encrypt sensitive data. In addition, it was important that employees were trained in security protocols and that those guarding personal information realised they had an "absolute duty" to keep it secret.
Asked if he was satisfied with the safeguards in place, Mr Hawkes replied: "I'm not at all satisfied. I have serious doubts about the quality of data security in some of the major agencies which have leaked data here. That's why we're auditing them."
Any major leak of information from the public sector would cause an immeasurable loss of public confidence, he warned.
The private sector was taking its data protection responsibilities more seriously than public bodies, he added, with a far greater degree of concern over security standards. Organisations such as the banks knew they would suffer a backlash in the event of a breach of standards.
Labour's spokeswoman on social and family affairs, Roisín Shortall, called for a full review of data security procedures in Government departments.
Ms Shortall pointed to breaches of data security in the Department of Social and Family Affairs which, she said, showed that the storage of personal information was not as secure as it should be. "Their breaches do not compare in any way with the frightening amount of data lost in the UK, but they do point to the need for a full review of security arrangements," she said.
The use of passwords to protect data was of little comfort, she said, as the only secure way to protect data was through encryption of the information.
