THE DATA PROTECTION Commission says it is “satisfied” that the State Examinations Commission (SEC) acted correctly following a data breach involving 64 people last year.
The breach was first reported in August 2018 and arose after the SEC’s fees section sent an email to a number of individuals regarding their application for a medical card exemption from exam fees.
The breach did not contain any financial or personal details, but the SEC formally notified the Data Protection Commissioner about it within 72 hours of its occurrence.
The SEC told the commissioner that all those whose data was breached would be contacted with an explanation and apology, and said it had asked the individuals involved to delete the email which the commission had sent them by mistake.
The incident was determined to be a “low risk” breach following an investigation by the SEC, and a report was prepared for retention by the commission’s data protection officer.
Some details of the breach were confirmed to TheJournal.ie by a spokeswoman for the SEC, who said that the commission had received one follow-up complaint on foot of being notified about the breach by the commission.
The spokeswoman added that the SEC advised the complainant of their right to contact the Data Protection Commissioner’s office, but said it had received no further correspondence and that the matter was now regarded as closed.
In a statement, a spokeswoman for the Data Protection Commission also confirmed that it had received a breach notification from the SEC.
“The DPC is satisfied that mitigating measures were put in place and the issue was addressed,” the spokeswoman said, adding that it had received no complaints in relation to the incident.
To embed this post, copy the code below on your site
have your say