ORGANISATIONS that lose the personal data of clients have been advised to contact the Data Protection Commissioner as the first port of call.
In the public sector, recent guidance from the Department of Finance on data security advises departments and agencies to report data breaches immediately to the Office of the Data Protection Commissioner.
In a statement issued yesterday, data protection commissioner Billy Hawkes recommended the same approach be followed by all organisations. He said: “We have seen a welcome trend towards organisations seeking our advice when they suffer a data breach. Our main focus is on preventing such loss of personal data and the distress it can cause to individuals. But we recognise mistakes do happen and it is vital that organisations are ready to react.”
Mr Hawkes yesterday issued guidance on how organisations should deal with a loss of personal data.
A working group established by Minister for Justice, Equality and Law Reform Dermot Ahern is examining if changes in data protection law are necessary to deal with such breaches.
In the event of a data breach, the commissioner advised organisations to contact the Office of Data Protection immediately.
The office may ask for a detailed report of the incident, including the amount and nature of the data that has been lost, what action has been taken to inform those affected, a chronology of events leading up to the loss and a description of measures being undertaken to prevent a repetition of the incident.
Mr Hawkes said: “That means having plans in place to trace and secure the data that has been compromised to prevent any further security breaches and to warn those affected.
“It means allocating responsibility for the key decisions that have to be made in such circumstances. By these means organisations will prevent a bad situation from deteriorating further.”
The guidelines warn organisations that informing customers of a data breach is no substitute for the proper design of systems to secure personal data from accidental or deliberate disclosure.
© Irish Examiner Ltd. All rights reserved