Irish Government Departments, including those that deal with “the most sensitive information”, have experienced almost 6,885 data breaches over the past decade.
According to figures released via Parliamentary Questions to Aontú Leader Peadar Tóibín TD, more than half of those breaches – 3,637 – took place at the Department of Social Protection alone.
Meanwhile, there were 862 reported at the Department of Justice, and 757 at the Department of Foreign Affairs.
Notably, the majority of these were not reported to the Data Protection Commission because they were considered to be low-risk.
It’s also the case that many of the breaches were due to mistakes at the Department, such as sending emails and letters to the wrong recipient or lost electronic devices, while less pertained to more malicious means such as cyberattacks and stolen devices.
Commenting on the figures, Peadar Tóibín TD described the information as “concerning”, particularly given the fact that the Departments of Social Protection, Justice and Foreign Affairs “process the most sensitive information.”
“It is a basic expectation of any civilian that if they hand over deeply personal details to a government department – perhaps on the nature of their family situation, their income, or their health status, that these details would be treated with utmost confidentiality,” he said.
The Department of Foreign Affairs said that on top of the reported data breaches, it has also notified the Data Protection Commission of cases of postal delivery breaches regarding the loss or mis-delivery of documents in transit.
“This is very worrying information, and Aontú are seeking clarity from the Minister if there is any evidence of criminals intercepting passports between the point of issue and arrival,” Tóibín said.
Meanwhile, according to the Department of Social Protection, the vast majority of its reported data breaches were in relation to information being accidentally sent to unintended recipients via email or post.
“In order to protect the personal data of its customers and to minimise data protection incidents, a dedicated Programme Board is in place to oversee data protection matters,” the Department said.
In addition to this, the Department of Justice said that “all staff are required to undergo data protection training” in order to comply with the Department’s “statutory obligations”, and said that data protection measures are “kept under review and upgraded where appropriate.”