Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
THERE WERE 75 data breaches at the Tusla, the Child and Family Agency, from 2018 to late 2019, according to the Data Protection Commission (DPC).
The DPC’s 2019 annual report details three inquiries being carried out by the DPC into Tusla.
One inquiry relates to three data breach notifications received by the DPC from Tusla between February and May 2019 relating to unauthorised disclosure of personal data.
In one breach, Tusla accidentally disclosed the contact and location data of a mother and child victim to an alleged abuser.
In another incident, Tusla accidentally disclosed contact, location and school details of foster parents and children to a grandparent. As a result, that grandparent made contact with the foster parent about the children.
In the third breach, Tusla accidentally disclosed the address of children in foster care to their imprisoned father, who used it to correspond with his children. This inquiry commenced in October 2019 and a draft inquiry report has been issued to Tusla.
An inquiry that commenced in December 2019 relates to a breach notification received from Tusla last November regarding an unauthorised disclosure of sensitive personal data. The disclosure was made to an individual against whom an allegation of abuse had been made. The disclosed data was subsequently posted on social media.
An inquiry that commenced in November 2018 relates to 71 personal data disclosure breaches. The subject matter of the breaches included inappropriate system access, disclosure by email and post and security of personal data.
The DPC conducted site inspections at Tusla headquarters and at regional offices in Dublin Central, Naas, Swords, Waterford, Galway and Cork. In the course of the inspections, a number of other data protection issues came to light which fell outside the original scope of the inquiry.
However, as these issues have relevance with regard to the protection of personal data, they will be highlighted in the Draft Inquiry Report which the DPC is currently preparing.
When asked for comment about the breaches at Tusla, a spokesperson told TheJournal.ie the organisation is “acutely aware of its responsibilities in relation to the very sensitive data we work with on a daily basis”.
“We continue to work proactively with the office of the Data Protection Commissioner to continuously improve our systems and practices to reflect data protection legislation, and the data protection rights of the children and families we work with.
“Behind what is in today’s report are very detailed investigation reports which we are significantly engaged with the Commissioner on and in fact we are due to give further detailed responses to the Commissioner next week.
“We will await the final findings of these investigations before commenting on the specific details. However, we want to assure the public that we are not waiting for the investigation reports to formally conclude before making improvements,” they said.
Catholic Church
Data breaches at several other organisations and companies are also being investigated by the DPC including Facebook, Twitter, the HSE, An Garda Síochána and the Catholic Church.
The DPC received a number of complaints from individuals who were members of the Catholic Church and many of whom no longer wished to remain as members. In the absence of a way to defect formally from the Catholic Church, the individuals expressed dissatisfaction with the ongoing processing of their personal data by the Catholic Church, in particular the retention of their personal data on sacramental registers.
As a consequence, each individual had requested the erasure of their church records, including those contained in baptism, confirmation and marriage registers. In all instances the request for erasure had been refused by the relevant parish offices.
Having considered the issue at a preliminary level, the DPC has opened an own-volition inquiry pursuant to section 110(1) of the Data Protection Act 2018. This inquiry is directed to the Archdiocese of Dublin and will examine whether there is a lawful basis for the processing of the personal data of individuals who no longer want to have their personal data so processed.
Overall, there has been a significant increase in the volume of complaints received by the DPC. The organisation said it received 7,215 complaints in 2019, an increase of 75% on the figure for 2018.
The vast majority of these complaints – 6,904 – were dealt with under General Data Protection Regulation (GDPR), and 311 complaints were dealt with under the Data Protection Acts 1988 and 2003.
The annual report outlines the work of the DPC for the first full calendar year since the introduction of GDPR.
To embed this post, copy the code below on your site
How do you accidentally give someone a phone number and address?
@niamh ryan: and maybe get them killed? No sign of pat Rabbitt on the airways, drowining in his own pomposity ,on this one ….
@niamh ryan: The same way that you accidentally input sexual assault accusations on an innocent’s file.
@niamh ryan: I’d imagine through written correspondence where all parties involved in the child/children’s care were CC’d and their contact details included in the letter(s)?
@niamh ryan:
And not once, but three times!
@niamh ryan: stupidity
An inexcusable amount of ‘accidental’ breaches of data from an organisation designed to protect the vulnerable . I assume no one was held accountable for these breaches and fired
Somebody need to be held accountable, “simple as” Until accountability and sanctions are an option, , , nothing will change !
@Ciaran105: Copy and paste strikes again. A disgraceful shower of chancers set up by the gang to provide gang members with free taxpayers money. Nothing changes for the gang.
Madness, now lets all wait for nothing to happen about this
Another “oopsy” for Tusla added to the long list, do they do anything right? Tusla & the HSE need a major overhaul from top to bottom
@SkylineSi: No need for an overhaul. Accountability and prosecutions for these inexcusable breaches would suffice.
@SkylineSi: They do plenty right but you dont hear about the success stories, it’s not news worthy for the vultures and keyboard warriors
@LittleBee: are you kidding? Accidentally disclosing information on vulnerable children, the arrest of the office worker in cork. How could any good they have done possibly be more newsworthy than this shocking behaviour. I’m sorry but enough is enough with this organisation.
Staggering incompetence and not the first “mistake” made by them! Should be disbanded, and start again but this time with intelligent people.
That doesn’t exactly inspire confidence. I’ve heard recently of another organisation where a youth outreach manager reported a serious data breach, this time it was acted upon. She was fired, for reporting it.
Jokeshop
I was in A&E a few weeks ago and due to overcrowding I overheard a conversation between a social worker and a lady. As someone who has worked in social care I was shocked and appauled that the social worker had to carry out her duty in such conditions, I filed an official complaint, not complaining about the work practices of the social worker,but that she was not provided a sufficent place to carry out her work.
While I don’t condone anything Tulsa has done,sometimes it’s not the staffs fault but the system they are being forced to work in.
Staggering incompetence!
@Tom Heffernan: To be fair, it may not be accidental. Maybe a bribe was given in exchange for contact details. In which case it is corruption, not incompetence.
Ah nevermind Tweedledum and Tweedlede parties will be back in power soon and they will sort all this out.
@G Row: with all the anti vax members in SF they’ll sort this out by decreasing the population
@Wheresmyjumper: Never mentioned Sinn Fein just sick of the same old shite.
But nevermind as long as you are ok, that’s the main thing.
@G Row: i am fine thanks, all due to the miracle of vaccinations
@Wheresmyjumper: Sorry about late reply,I don’t stay on here all day. What’s with the vaccinations conversation?
These people cannot do their jobs.
The whole HR dept in Tusla should be fired for employing those who’re not suitable to work in Public toilets.
Oh come one. Reminds me of brass eye paedophile episode. The one thing they didn’t want to happen!
https://youtu.be/SRRw1ERj2Gc
Wonder if the people who want their church records erased have to give back their Confirmation money.
Accidentally?
We need more outrage from the public if Tusla is to be eliminated.
No doubt a few people will be fired for this …
A family member of mine is a Foster carer. Last year, she received a letter from a social worker and found a page of notes scribbled by said social worker folded in with her letter that had details, including names and addresses of an at risk child and her mother. Unbelievable.
have your say