Tusla Faces ⁤Scrutiny as Data Breaches Rise Despite €200,000 in Fines

Dublin,Ireland -​ Ireland’s child and family agency,Tusla,has⁣ seen a significant increase in ⁣data breaches since 2020,the same year⁤ it was fined a ​total of €200,000 by the Data Protection commission (DPC) for alleged breaches of the EU’s ⁤General Data Protection Regulation (GDPR). The escalating ‍figures have drawn sharp criticism from civil​ liberties advocates, who are calling for renewed DPC intervention.

Escalating breach Numbers Raise Alarm Bells

In 2020, Tusla faced three separate investigations by the DPC, resulting in fines of €75,000, €40,000, €50,000, and €35,000. The ⁣DPC’s directive at the time was for Tusla to “bring it’s processing operations into compliance… by implementing‌ appropriate organisational measures to ensure a level of security appropriate to the risk.”

However, data reveals a concerning upward trend in reported breaches. Following⁣ 362 ⁢breaches in both 2020 and 2021, ⁢the numbers climbed to 408 in ⁤2022, 481 in 2023, ‍and 441 in ⁣the most ⁢recent year.

The DPC confirmed that while no investigations ⁣into Tusla have occured since August 2020, it has maintained ongoing engagement to ensure compliance with previous orders. “in addition, the DPC⁣ has regular and ongoing engagement with Tusla like we have with all other public⁣ sector bodies,” a spokesperson stated.

Civil liberties Group Demands Action

The Irish Council for Civil Liberties (ICCL) has labelled the rising breach ​numbers as “very concerning.” A spokesperson highlighted ‍the sensitive nature ⁢of the data tusla handles,‍ stating, “Tusla processes very sensitive data about vulnerable people, including children. We⁢ are not just talking about ⁢people’s rights to privacy and data protection, but also in certain specific cases thier safety.”

The ICCL’s statement ‌continued, “These figures ⁣raise serious questions about how Tusla is ​carrying out its obligations under the GDPR and what policies and protocols are in‌ place.The ‍Data Protection Commission should examine these figures and take appropriate action.”

Tusla Responds to Data Breach Concerns

A Tusla⁢ spokesman acknowledged the occasional occurrence of breaches due to the “large volume of data we⁢ process daily,” admitting thay “can have a significant impact on those involved.” The agency emphasized its awareness of responsibilities concerning sensitive data and ⁣its‍ commitment to taking all breaches “very seriously.”

“In the case of any data ‌breach, ‍we will ‍react quickly to inform impacted persons or their ⁤parent/caregiver of the breach, identify the cause and undertake a full assessment and extensive risk evaluation,” the spokesman explained.

Tusla outlined its proactive measures, including ⁣systematic reviews⁤ of all reported incidents, and the adaptation of training and operational practices to mitigate future breaches.”We will continue to ⁢work with ‌the ⁣DPC with full transparency on ​the⁢ matter, as appropriate. Where required,we take all possible steps to recover the details⁤ subject to the ‌breach.”

The agency also detailed a comprehensive, multi-year program aimed at enhancing awareness of data breaches, reinforcing staff’s duty to report, and reducing the overall risk of breaches. The‍ spokesman concluded by noting a recent positive ⁣development: “Over the last year there has been​ a 63 per cent reduction in ‘high-risk’ breaches,​ a ​29 per cent ⁣reduction in ‘misaddressed post’ and an 18 per cent decrease in ‘information overshare’ breaches.”