Departments reviewing data security - Cowen

Reviews by all Government departments of data security are expected to be completed early in the new year, according to Tánaiste Brian Cowen.

Mr Cowen told the Dáil that departments had been asked to detail the "general systems and procedures in place, the arrangements for the transfer of data and the audit facilities accompanying such systems and procedures, and how these procedures are reviewed" and followed.

He was responding to Fine Gael deputy leader Richard Bruton, who asked about the criticisms of public bodies by Data Protection Commissioner Billy Hawkes.

The criticisms came in the wake of Britain's most significant security breach when two discs containing personal details of about 25 million people went missing after they were posted without being registered.

Mr Hawkes expressed serious doubts about the quality of data security measures in Irish public bodies.

He said he was "not at all satisfied" with some of those agencies.

The data protection commissioner said he hoped that what had happened in Britain would be a "wake-up call" for Ministers and for Irish bodies that needed to improve their standards.

Last month a high-level group was established to review access to confidential information following leaks from the Department of Social and Family Affairs.

The Government issued instructions to all departments and State agencies to review their data security provisions after it emerged that a department employee leaked confidential information to his brother, a criminal. The brother then used it to attempt to extort money from three men and burgle a fourth.

Mr Cowen yesterday cited specific statutory provisions, which he said "provide that appropriate security measures should be taken against unauthorised access to or unauthorised alteration, disclosure or destruction of data, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing".

He said agencies and individuals holding personal data had to register each year with the data protection commissioner, giving details of the data held.

"Under our legislative framework, organisations must also designate a data controller who will have statutory responsibility for compliance by organisations with the provisions of the Acts," the Minister added.