Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Leon Farrell/RollingNews.ie

'Lost complete confidence in them': Nearly two new data breaches at Tusla every week

Several potentially serious incidents have been reported since the Data Protection Commission launched an investigation last year.

TUSLA HAS REPORTED new breaches of potentially sensitive client information at a rate of nearly two per week early this year following the launch of an official probe into its practices.

The breaches included two incidents classified as “high risk” by the child protection agency – including one unauthorised disclosure in the Dublin/north-east region that Tusla said was the result of an intentional act by an outside party.

The cause of the second unauthorised disclosure in the most serious category of breach was still listed as “unknown”, according to incident summaries obtained by TheJournal.ie.

In total, Tusla was notified of 23 fresh data breaches during a nearly three-month period from the beginning of January. Of these, nine were classified as “medium risk”, including one in which an encrypted device was stolen.

Around three-fifths of the incidents were the result of employee mistakes or omissions, while nearly two-thirds occurred in either the Dublin/north-east or Dublin/mid-Leinster regions.

Speaking on condition of anonymity, one person who had recent dealings with Tusla told TheJournal.ie they had complained to the local office after finding the names of unrelated parties attached to documents sent by the child protection agency.

“From that moment I lost complete confidence in them. If they send a letter to me with (unconnected) names, what information have they sent about me to someone else?” they said.

Second investigation

Tusla declined to provide further details of the most serious incidents when contacted for comment. The agency said via a spokeswoman that it did not comment on individual breaches “in line with best practice”.

“Tusla’s assessment, notification and remediation breach procedures are aligned with the (Data Protection Commission) requirements and our commitment to continuous data governance improvement,” the spokeswoman said. 

TheJournal.ie previously revealed that the Data Protection Commission (DPC) had opened its second inquiry into data security at the child and family agency after a “large number” of potentially serious breaches were reported between May and late December last year. 

Under General Data Protection Regulation provisions, the DPC can order public bodies to pay fines of up to €1 million over data breaches.

The data security watchdog conducted an earlier inquiry into Tusla’s handling of sensitive information after false sexual abuse allegations were added to the file of garda whistleblower Maurice McCabe. The agency later apologised over its failings in the case.

The DPC subsequently presented 59 findings to Tusla, identifying among other “issues of concern” the continuing close links between the child protection agency and the HSE when it came to office space, services and IT systems.

Know more about this story? Email the author via peter@thejournal.ie or send a message using the secure Threema app, ID: ESUCBYMK.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
25 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds