Social Protection responsible for over half of 5,000 data breaches by Government departments

Fri, 06 Oct, 2023 - 02:17

Tadgh McNally, Political Reporter

Government departments have been responsible for more than 5,000 data breaches since new GDPR regulations came into effect in 2018.

New information shows that there have been a total of 5,105 data breaches across all Government departments, including a significant amount of incidents of personal information being erroneously provided to third parties.

Responses to a series of parliamentary questions from Aontú’s Peadar Tóibín show that the Department of Social Protection is responsible for more than half of these breaches, with 2,735 incidents being recorded since 2018.

In response to the question, Social Protection Minister Heather Humphreys says that the “vast majority” of these breaches are due to information being accidentally provided to third parties.

“The vast majority of the confirmed data breaches relate to incidents where customer information was accidentally and inadvertently disclosed to third parties, e.g. misaddressed correspondence by email or post,” Ms Humphreys said.

“In each of these incidents, the department followed procedures in accordance with data protection legislation and every effort was made to secure data as quickly and efficiently as possible.”

Ms Humphreys said that the department takes its data protection obligations under GDPR “very seriously”.

“In order to protect the personal data of its customers and to minimise data protection incidents, a dedicated Programme Board is in place to oversee data protection matters in the department.”

Other departments with high numbers of data breaches are primarily those that are more public-facing, including the Department of Justice, Foreign Affairs, and Agriculture. These data breaches total 648, 638, and 353 respectively. In the Department of Health, there were 62 breaches.

Mr Tóibín questioned the severity of these breaches, adding that he would be seeking clarity on whether or not all departments reported their breaches to the Data Protection Commission (DPC).

He said:

The high number of breaches from the Departments of Justice, Health and Social Protection are very striking. These are the three departments whose agencies hold the most sensitive information on members of the public.

Tánaiste and Foreign Affairs Minister Micheál Martin said that his department also reports what are described as “postal carrier breaches”, where post is either lost or misdelivered.

So far this year, his department is reporting a total of 386 postal carrier breaches, compared to 36 in 2020, 75 in 2021, and 328 in 2022.

Over half of these postal breaches stemmed from packages sent to either the UK or US, while 19% were addressed to Ireland. In particular, the department cites the impact of Royal Mail strikes as the key reason for the increase in 2022 and 2023.

Given the volume of documentation sent out by Foreign Affairs, including passports, postal breaches account for just 0.03% of applications received and dispatched by the department.