Inquiry into Child and Family Agency - August 2020

Year: 2020
Section: Decisions made under Data Protection Act 2018
Decision of the Data Protection Commission under Section 111 of the Data Protection Act 2018 on foot of the Own-Volition Inquiry under Section 110 of the Data Protection Act, 2018 regarding Tusla Child and Family Agency
Inquiry Reference: IN-18-11-04
Commission Decision-Maker: Helen Dixon (Commissioner for Data Protection), sole member of the Commission
Date of Decision: 12th August 2020
Contents
1. Purpose of this Document
2. Background
3. Topics Arising in this Decision
4. Legal Regime Pertaining to the Inquiry and the Decision
5. Materials Considered
6. Data Controller
7. Personal Data
8. Analysis and Findings
A. Transmitting Personal Data on the NCCIS: Security of Processing
i. Assessing Risk
ii. Security Measures Implemented by Tusla
iii. The Appropriate Level of Security
iv. Finding
B. Transmitting Personal Data Internally by Email: Security of Processing
i. Assessing Risk
ii. Security Measures Implemented by Tusla
iii. The Appropriate Level of Security
iv. Finding
C. Transmitting Personal Data Externally: Security of Processing
i. Assessing Risk
ii. Security Measures Implemented by Tusla
iii. The Appropriate Level of Security
iv. Finding
D. Printing and Scanning: Security of Processing
i. Assessing Risk
ii. Security Measures Implemented by Tusla
iii. The Appropriate Level of Security
iv. Finding
E. Processes for Testing Security Measures: Security of Processing
i. Assessing Risk
ii. Security Measures Implemented by Tusla
iii. The Appropriate Level of Security
iv. Finding
F. Data Accuracy: Sharing Personal Data and Updating Tusla Records
i. Accuracy of Personal Data Disclosed to Third Parties
ii. Accuracy of Tusla’s Internal Records
iii. Findings
G. Duty to Notify Personal Data Breaches
i. The Obligation to Notify Without Undue Delay
ii. The Breach Notifications
iii. Findings
H. Remaining Breach Notifications
9. Corrective Powers
A. Reprimand
B. Order to Bring Processing into Compliance
C. Administrative Fines
i. Decision to Impose Administrative Fines
ii. Linked Processing Operations
iii. Calculating the Administrative Fines
iv. Summary: Administrative Fines
10. Right of Appeal
Appendix: Personal Data Breaches Considered in the Inquiry
