Time to get serious on protecting private data

NET RESULTS: THE THEFT of a laptop full of Irish blood-donor information in New York led to a flurry of coverage on the vulnerability of digital information stored in this way, writes Karlin Lillington.

Ruairi Quinn raised several appropriate, related questions in the Dáil: how many government laptops and other assets capable of storing data - Blackberries, USB keys and other personal digital devices - had gone missing over time?

It turns out that 80 such items have vanished, with little information forthcoming about what was on them. His questions are important because they highlight the lack of an overall security policy for the information itself, and for how it is transported.

Privacy advocates Digital Rights Ireland and data protection commissioner Billy Hawkes have several times called for better security surrounding Irish citizens' personal data and greater scrutiny of who is able to access information. A comprehensive and watertight security policy for mobile assets such as laptops is essential in any organisation, large or small.

In this regard, it appears that the company managing the Blood Transfusion Service information did follow best practice. They used a good standard of encryption and, assuming they also used appropriately complex passwords for decrypting the information, chances are minuscule that such information could ever be viewed by anybody. One estimate is that it would take five trillion computers 192 years to crack the level of encryption used on that stolen laptop.

But there are other serious questions around this incident. How can it be that the data of so many Irish people was sent abroad on a laptop in the first place? Why was live data needed for a software project (usually "dummy" data is used for projects like this)? If this can be done legally, what is the point of having data protection laws when they can be circumvented for such a relatively trivial purpose?

But these questions fade into insignificance when one takes even the most glancing look at the general pattern of callous disregard for citizen information taken by our Government and the EU as a whole. Our information is shockingly easy to access and expose, because organisations themselves - including the Government - either do not bother to learn about their responsibilities regarding data management or knowingly flout those rules.

For example, two data protection commissioners in a row have highlighted problems with a profession that should be most aware of data privacy issues - solicitors. It took numerous threats to compel the majority of solicitors to register as data controllers, which they have a legal obligation to do.

And there has been a serious issue with government departments accessing private information for trivial reasons - for example, the Department of Social and Family Affairs has had problems with individuals giving information to newspapers and, in one case, criminals.

On top of this poorly secured, easily accessed data, we have the reams and reams of new data being stored - where, by whom, with what security, accessible to whom? - under a sequence of data retention legislation.

Sensitive call and phone location information, even that of small children using mobiles - data acknowledged by former justice minister Michael McDowell as so sensitive and revealing that it was supposedly only to be used for the most serious criminal investigations - is, courtesy of McDowell's own legislation, left easily accessible by gardaí even for misdemeanour cases.

And now, the Government has signalled its intent to quickly bring in e-mail and web usage monitoring, too - to the alarm of many businesses, including some of our most prized, big-employer multinationals, who are unsure how this affects them and their operations.

Astonishingly, in all this time, with all this nonstop growth in the ability of electronic systems to monitor citizens, and to acquire, store and trawl data, no significant debate has ever taken place on the big picture subject of data privacy and data retention in the Oireachtas. Quinn's recent questions are merely a subtopic.

Thankfully, that may be about to change. While TDs continue to disregard the bigger picture, the Seanad has, to its credit, raised the issue several times, with calls for a debate coming from Senators Paschal Donohoe (FG), Alex White (Lab) and Fiona O'Malley (PD). Seanad leader Donie Cassidy indicated he will allocate time for such a debate.

In doing so, the Seanad demonstrates its importance as a place where important topical issues affecting society - especially those ignored by the other House - can be discussed. This is an essential and long-overdue debate that Irish society and especially all of government, as lawmaker and custodian of our most sensitive data, must now have.

www.techno-culture.com