Office of Data Protection Considers SoS Document Destruction Case

Civil Servants Latest Victims of Data Breach

Civil servants are the latest victims of a data breach when a shared payroll system ended up in the inbox of a different human resources department to their own writes Elaine Edwards, Irish Times. Reported to the Office of the Data Protection Commissioner at the end of October, the breach involved the personal details of 317 civil servants being inadvertently emailed to a number of local human resources departments. The details included the employees names, PPS numbers, grade and department.

The payroll service is managed by PeoplePoint, who are part of the overall HR Services Delivery Model comprising of 3 elements, Peoplepoint, Local HR and the Civil Service HR Directorate. They were introduced as a cost reduction initiative in 2011 by the Department of Public Expenditure and Reform.

The unfortunate data breach was caused by human error as reported by PeoplePoint to the Data Commissioner. As the report was not intended for distribution by email it wasn’t encrypted.  PeoplePoint discovered the error and immediately tried to remedy the breach with unsuccessful attempts to recall the email.  Corrective action followed. An email was issued requesting recipients to confirm that the email was deleted, not copied or further circulated. Individual contact was made with the personnel officers of the affected HR departments to inform them about the breach and the remedial plans in place.

This is the latest in a line data breaches. In September 2 separate investigations were launched following the discovery of dumped patient medical files by a member of the public outside Our Lady of Lourdes Hospital.

 

© Copyright of Datagroup 2009-2015