The DPC (the Irish equivalent of the ICO) has fined ‘Tusla’, Ireland’s child and family agency, €75,000.
This follows a number of breaches which included various instances of inappropriate system access, accidental and inappropriate disclosure of personal data by email and unauthorised disclosure of data.
The DPC found that there had been insufficient governance planning, in particular that legacy IT infrastructure was still in place, left over from when Tusla was created in 2014.
This fine demonstrates that regulators will not hesitate to take action against not-for-profit organisations and that:
- having good data protection governance in place is crucial; and
- up to date IT infrastructures are essential for compliance.