Irish Government data breach slammed as ‘serious incident’

11 Aug 2008

The loss of a laptop containing social welfare details of a significant number of Irish citizens has been labelled a “serious incident” by the Data Protection Commissioner, Billy Hawkes.

It emerged last week, following an audit by the Comptroller and Auditor General (CAG) at the Department of Social and Family Affairs, that a laptop containing details of a substantial number of Irish social welfare recipients went missing in July.

It is understood that as many as 390,000 details of social welfare recipients were contained on the missing laptop.

The data loss has implications not only for the citizens whose data was misplaced but also for a number of agencies involved and the matter has escalated to a full investigation by the Data Protection Commissioner, with meetings scheduled to take place this week.

It is understood the laptop was lost or stolen at a bus stop in Dublin last month.

It is unclear whether the data on the laptop was protected by encryption technology, despite high-profile disclosures this year that laptops belonging to Bank of Ireland Life and the Irish Blood Transfusion Service had been stolen.

In the first case, a laptop belonging to the Irish Blood Transfusion Service containing details of 175,000 blood donors was stolen in New York. Following an investigation by the Data Protection Commissioner, it was found the laptop was protected with encryption software and the risk of data loss was considered negligible.

However, in the case of Bank of Ireland Life, a number of laptops went missing in the past year with details of 31,000 life assurance account holders and these weren’t protected by encryption technology. The bank has pledged to reimburse the account holders if it can be proved they subsequently fall victim to fraud.

In relation to the latest case of a lost or stolen laptop belonging to the Department of Social and Family Affairs, Data Protection Commissioner Hawkes confirmed the missing laptop was reported to his agency last week.

He described the loss as a “serious incident” and expressed concern at the potential implications for those affected by “this breach of data security”.

The Commissioner said he has spoken with the Comptroller and Auditor General, John Buckley, in relation to the incident and senior officials from the Office of the  Data Protection Commissioner will hold initial discussions with the CAG’s office this week. 

Hawkes said the Office of the Data Protection Commissioner is also liaising closely with the Department of Social and Family Affairs on the matter.

He said the department is seeking to contact all the people affected by the laptop’s loss and has put in place a dedicated helpdesk.

“The Commissioner also expects that all major holders of personal data in the public and private sector will be fully examining all their policies in relation to the collection and storage of data to ensure that incidents of this scale and nature can be avoided in future,” Hawkes stated.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years