Civil Service payroll system suffers further data breach

Data Protection Commissioner notified after PeoplePoint wrongly sends file to HR official

Payroll service: a data breach by  PeoplePoint has been reported. Photograph: iStockphoto/Getty

Payroll service: a data breach by PeoplePoint has been reported. Photograph: iStockphoto/Getty

 

PeoplePoint, which runs the payroll service for about 31,000 civil servants, has suffered another data breach after a report containing data about thousands of individuals was sent to a human resources official in a Government department.

It is understood that the file was sent to an official in the Office of the Revenue Commissioners and contained details about staff not employed in that department.

The service has been the subject of multiple complaints from civil servants and has previously suffered at least two inadvertent data breaches. It was recently audited by the Data Protection Commissioner.

PeoplePoint, part of the Government’s National Shared Services Office (NSSO), was established in 2013 and handles payroll and leave requests from civil servants.

A spokeswoman for the NSSO confirmed that an internal data breach had occurred at PeoplePoint, but she could not immediately confirm the number of people or records affected.

“An encrypted report was transmitted through the secure document management system to one Civil Service HR professional, containing data relating to civil servants not employed by that department,” she said. “Notification has been made to the Data Protection Commissioner. The matter is being taken very seriously and an investigation into why it happened was initiated immediately. Further details will be made available as soon as possible.”

A spokesman for the Data Protection Commissioner confirmed it had received a report of the breach last week and was liaising with PeoplePoint on the matter.

“Such liaison is treated as confidential,” he added.

He said that the office’s audit of PeoplePoint had concluded and that a report was currently being finalised, with a view to it being issued to PeoplePoint “very shortly”.

It is believed the most recent data breach occurred on January 12th.

Last April, a spreadsheet containing details of 1,914 Civil Service staff, including their names, PPS numbers, grades and details of special leave taken, were sent to a Government department’s HR manager, who had sought details about its own staff.

There was also a data breach in November 2015 when the personal details of more than 300 civil servants were sent by PeoplePoint to HR departments other than their own.

Since PeoplePoint’s introduction, there have also been reports of other instances of personal information being disclosed to the wrong managers or departments. In addition, there have been complaints about how the system recovers salary amounts overpaid when an individual has been on sick leave.