Sunday 22 September 2019

CSO admits major data breach as thousands of people's details leaked out

Census form (Stock photo)
Census form (Stock photo)

Alan O’Keeffe

The Central Statistics Office has put its hands up concerning an error by a staff member which led to a serious breach of data protection rules.

Information on thousands of people who had worked for the CSO had been inadvertently sent to individuals as a result of the mistake.

The CSO has issued “a sincere apology” for what happened.

A woman who had worked as an enumerator for the CSO in the recent census contacted the Irish Independent and complained the CSO had sent her p45 in error to someone else.

The woman said that she learned 1,000 people were affected and the information sent in error had been deleted..

The woman said she was outraged because it concerned an important document with very personal information.

The CSO not only confirmed the data breach last night but volunteered  that it did not only concern 1,000 former employees but, in fact, concerned 3,000 former employees.

A spokesman said “The Central Statistics Office confirms that between November 10 and 14,  2017, as a result of an administrative error, personal P45 information relating to 3,000 former employees was disclosed via email to 4 individuals, in breach of the Data Protection Acts.

“Three of recipients were themselves former employees who had sought access to their P45 records; the fourth was the accountant of one of these former staff members.

“The error was discovered on the 14th November and each recipient was immediately contacted and requested to provide confirmation that the emails and their contents had been deleted. These confirmations have been received.

“The CSO immediately notified the Office of the Data Protection Commissioner (ODPC) of the breach and the individuals affected have been informed by letter.”

The spokesman said “Confidentiality and protecting individual privacy are core values of the CSO.

“ This incident falls well short of the high standards of confidentiality and data governance demanded by the Office and is taken extremely seriously.

“A sincere apology is extended to those affected by this employee data breach.

“A thorough investigation of the incident is underway and additional control measures have been urgently implemented to safeguard employee data and to reinforce data governance,” he said.

A spokesman for the Data Protection Commission said last night : “I can confirm that a breach notification, in relation to the matter referred to, was submitted by the Central Statistics Office (CSO) to the Data Protection Commissioner on 14 November 2017 under our Personal Data Security Breach Code of Practice.

“The DPC is continuing to liaise with the CSO in relation to this breach.”

Online Editors

Editor's Choice

Also in Irish News