Staff details on latest missing State laptop
The office of the Data Protection Commissioner said yesterday it was investigating the loss of a laptop computer from the Comptroller and Auditor General’s (CAG) office which held information on IDA companies. The comptroller’s office admitted the laptop was one of 16 it has lost since 1999, only one of which has been found.
However, it emerged last night that the computer, believed to have disappeared from a bus stop, also contained personal information about staff employed in at least one Government department.
It is not known if the information was protected or if it could be accessed by an unauthorised person. The Data Protection Commissioner’s office said from what it knew so far, it was “concerned”.
The disclosure comes after a series of data security breaches involving public and private bodies this year but is all the more embarrassing because the Comptroller and Auditor General is the official watchdog tasked with investigating inefficiencies in Government departments and public bodies.
Company data on the most recent lost laptop is understood to relate to IDA grants. Some of that information, such as the sums awarded, is public but other details, such as information provided in grant applications, is confidential.
IDA spokeswoman Ruth Croke said the authority was in contact with the affected companies but declined to comment on the nature of the information lost.
“While the investigation is ongoing, all we can say is that we have been notified about it and we are being kept informed by the Data Protection Commissioner.”
Staff whose personal details were on the laptop were informed recently but it is not yet certain if they are the only civil servants affected. The CAG’s office would not discuss how the latest loss happened or what information was involved.
In a statement it said that since last year its laptops needed a password to log on and had an encryption programme, Teammate, to protect data collected during audits of public bodies. It also said encryption was being extended to other material carried on laptops.
However, it is not clear whether encryption was activated in the latest missing computer. The statement said: “Current instructions require staff to provide a declaration that their computers do not contain any client data except within the encrypted Teammate file structure. Verification checks for compliance with this requirement have been put in train.”
Diarmuid Hallinan, spokesman for the Data Protection Commissioner, said the seriousness of the security breach was not yet known as the investigation would continue for at least a month but added: “From what we have found out so far, we are concerned.”
The CAG said it was in the process of improving data security. “The office has had preliminary discussions with the Data Protection Commissioner and intends to ask him to conduct a detailed security audit of its systems and procedures.”
Ms Croke said the IDA’s own staff laptops were all data-protected. “We have very sophisticated encryption technology,” she said.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
