Breach-tastic Irish civil service payroll system facing audit
Data Protection Commissioner to the rescue
The data-haemorrhaging payroll system for Ireland's civil service is to be audited by the nation's Data Protection Commissioner.
According to the Irish Times, almost 2,000 civil service staff were victims to a data breach back in April when their details were sent on a spreadsheet to a human resources manager in a government department who had sought details on their own staff.
Another breach last November featured more than 300 civil servants' personally identifying information being sent by PeoplePoint to other HR departments again.
PeoplePoint, which is the government-owned system for providing HR services to 39 Irish government departments, holds the details on roughly 31,000 personnel.
It holds the records of their names, their social security numbers (personal public service numbers), their pay grades and the records of their leave – all of which had been lost in April's data breach.
According to the Irish Times, since the system's introduction in 2013, “there have also been reports of other instances of personal information being disclosed to the wrong managers or departments”.
Now, Ireland's Data Protection Commissioner (DPC) is to complete an audit of PeoplePoint by the end of July, specifically regarding six formal complaints the office has opened and investigated between 2013 and 2015.
The Register has been informed that a statement will be released this afternoon regarding an audit of PeoplePoint. We will include that here when it is available. ®
A DPC spokesperson told us: "As part of the Office's planned programme of audits for 2016, an audit of PeoplePoint is underway. We will be making best practice recommendations, as appropriate, to PeoplePoint following the conclusion of the audit which we anticipate will be at end July. To date a total of six formal complaints have been opened and investigated under Section 10 of the DP Acts, one in 2013 and five in 2015."