Data breach at Tallaght facility leads to inquiry into Children's Health Ireland

The DPC said it became aware that there were potential issues at this site from a number of different sources of information. It said these included protected disclosures that the DPC received, and also a breach notification submitted to the DPC by CHI. 

Having reviewed the information, the DPC conducted an unannounced site inspection on Wednesday, July 16.

A statement said: "The Data Protection Commission (DPC) has today announced the opening of an inquiry into Children’s Health Ireland (CHI), relating to the physical safety and security of children’s health records within one specific CHI facility in Tallaght.

"The DPC became aware that there were potential issues at this site from a number of different sources of information, including through protected disclosures that the DPC received and also a breach notification submitted to the DPC by CHI. Having reviewed the information, the DPC conducted an unannounced site inspection on Wednesday 16 July, 2025."

It said the inquiry will "examine CHI’s compliance with their GDPR obligations, in particular relating to the security of personal data and the processes that CHI have in place for managing physical records at CHI (Tallaght)."

A CHI spokesperson said: "The Data Protection Commission has commenced an investigation into matters relating to patient records at CHI at Tallaght. We are cooperating fully with the DPC.

"As this is an ongoing regulatory process, it would be inappropriate to comment further at this time. 

"Our priority remains the protection of patient information and ensuring all personal data is handled in line with our legal obligations."

In June, Dublin’s Education and Training Board was fined €125,000 by the DPC after the personal details of 13,000 grant applicants were made available to “unauthorised persons”.