Tusla, the Irish child and family agency is now the first organisation in Ireland to be fined for a breach of GDPR. The organisation has been fined €75,000 following an investigation which found information about children was shared with unauthorised third parties on three separate occasions. Tusla is Ireland’s state agency which has responsibility for children’s welfare and protection. It is a public service organisation which provides support to some of the country’s most vulnerable people.
The fine was issued by the Irish Data Protection Commission (DPC) who received information regarding the breach from Tusla themselves in late 2019.
In one of these cases, the contact information and location of a mother and child victim was shared with their alleged abuser. In the other two instances data regarding children in foster care was inappropriately shared with blood relatives including an imprisoned father.
A spokesperson for Tusla stated they did not intend to contest the fine, and will respect the court’s final order. She said:
Tusla is acutely aware of its responsibilities in relation to the very sensitive data we work with on a daily basis. Such information is generated in several hundred thousand interactions every year.
There are two further ongoing inquiries with data breaches involving Tusla, which the organisation stated were reported to the DPC in a timely manner. Tusla is working with the Irish watchdog in order to set out and implement improvement plans for the organisation.
Tusla’s spokeswoman stated that they were not going to speculate on the possible outcome of the impending accusations, though she wanted to reassure the public that they are not waiting for the investigation to close before making improvements to their data security.
Kazient Privacy Experts offer bespoke Data Protection, Privacy and GDPR compliance solutions in a language you understand to UK and international organisations, and has received positive media coverage across Europe. Kazient’s GDPR consultants are fully certified to be your outsourced Data Protection Officer or EU Representative. Get in touch to find out how we can help your business by visiting our website www.kazient.co.uk or calling us on 0330 022 9009.