#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 5°C Tuesday 26 January 2021

Data Protection Commission notified over 2018 breach by State Examinations Commission

The breach, which occurred last year, affected 64 medical card holders.

Image: Shutterstock/igorstevanovic

THE DATA PROTECTION Commission says it is “satisfied” that the State Examinations Commission (SEC) acted correctly following a data breach involving 64 people last year.

The breach was first reported in August 2018 and arose after the SEC’s fees section sent an email to a number of individuals regarding their application for a medical card exemption from exam fees.

The breach did not contain any financial or personal details, but the SEC formally notified the Data Protection Commissioner about it within 72 hours of its occurrence.

The SEC told the commissioner that all those whose data was breached would be contacted with an explanation and apology, and said it had asked the individuals involved to delete the email which the commission had sent them by mistake.

The incident was determined to be a “low risk” breach following an investigation by the SEC, and a report was prepared for retention by the commission’s data protection officer.

Some details of the breach were confirmed to TheJournal.ie by a spokeswoman for the SEC, who said that the commission had received one follow-up complaint on foot of being notified about the breach by the commission.

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

The spokeswoman added that the SEC advised the complainant of their right to contact the Data Protection Commissioner’s office, but said it had received no further correspondence and that the matter was now regarded as closed.

In a statement, a spokeswoman for the Data Protection Commission also confirmed that it had received a breach notification from the SEC.

“The DPC is satisfied that mitigating measures were put in place and the issue was addressed,” the spokeswoman said, adding that it had received no complaints in relation to the incident.

Read next:


This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel