More than 500 data breaches at Department of Social Protection 'a matter of great concern'

A log of the incidents reveals 197 cases where correspondence was accidentally sent to the incorrect address, according to records released under FOI.

There were 125 cases involving email errors where material was sent to the wrong recipient or a larger group of people than was intended.

Another 162 cases of inadvertent inclusion of data or documents sent in correspondence to a third-party customer were also reported.

They logged 24 data breaches categorised as “other” which covered issues including the loss of personal documents or an error in redaction of files.

The department said they had provided services to an extraordinarily high volume of customers during the course of last year because of the pandemic.

A spokesperson said: “At one point, the department was processing over 50,000 claims per day. At its peak in early May 2020, 602,000 [people] were in receipt of Pandemic Unemployment Payments (PUP).

“Just under 20m PUP payments have been made to nearly 900,000 people providing income support of more than €8bn.” The department said the 508 data breaches were a “very small number” in the context of payments being processed for 2.7m individual customers.

They said they took data protection obligations very seriously and that policies, procedures, and guidelines were all kept under constant review and updated as needed.

The spokesperson added: “It is mandatory for all staff in the Department, and for new entrants, to complete the GDPR e-learning module and to obtain a pass rate of at least 80% at the exam that concludes the module. All new staff (including temporary clerical officers) must complete the module before they are granted access to any system containing customer data.”