The theft of blood donor data in New York, containing the personal details of some 170,000 Irish citizens, should be viewed as a cautionary tale by other State agencies.
Loss of the material by an agent of the Irish Blood Transfusion Service (IBTS) demonstrates how vulnerable sensitive information can become when it is transferred to a laptop computer or portable storage device. Thankfully, on this occasion, the information was strongly encrypted. And it is highly unlikely that it will be used for the purpose of identity theft or financial fraud.
Three months ago, the UK department dealing with social and family affairs lost computer disks containing the personal data of 25 million people and exposed them to the risk of being exploited by criminals. That information was not encrypted.
The incident, which was hugely embarrassing to the British government, focused attention on the possibility of similar breaches of security occurring here. And Data Protection Commissioner Billy Hawkes expressed serious concern about the safeguards being operated by State bodies. He was particularly exercised by a deliberate "leaking" of private information to insurance companies by public servants.
Public trust in the confidentiality of the data banks controlled by government-sanctioned authorities is a central aspect of responsible and effective administration. Without it, planning becomes more fragmented and the prospect of fraud increases.
Computer security involves two aspects: preventing unauthorised access by individuals working within the system and the use of strong encryption to guard against external hackers or the loss of such material in transit.
As more and more sensitive information is centralised, it is vitally important that State employees are trained in security protocols and are made aware of their absolute duty to keep it secret. Recent evidence of material being passed on to insurance companies by individuals working within the Department of Social and Family Affairs was damaging to public confidence. And information held on Garda computers may also have been leaked. Such security breaches cannot be tolerated.
Mr Hawkes has confirmed that the IBTS had a legitimate reason to send the stolen data out of the country; that the agency had taken its responsibilities to donors and clients seriously and that the information had been securely encrypted. As a result, he said, the dangers arising were "minimal". But it is right that an apology should be offered. It is even more important that other Government bodies should learn from this unfortunate incident and upgrade their security protocols.