The office of the Data Protection Commissioner (ODPC) has issued new guidance on how business should deal with security breaches involving personal data. The number of reported high profile data security incidents both in Ireland and internationally has dramatically increased in recent years
All businesses are obliged by law to but in place appropriate technical and organisational security measures against unauthorised access to or accidental loss of personal data.
Current legislation does not contain a requirement for data controllers to notify the ODPA of security breaches, however the new guidance issued on 14 April 2009 recommends that business should immediately contact the ODPC as soon as it becomes apparent that personal data has been compromised. The guidelines also set out some of the additional measures that the ODPC may recommend or require depending on the circumstance of each case. These include the preparation of detailed incident reports, site inspections by the ODPC and reporting of incidents to individuals whose personal data have been compromised.