GDPR Breach Leads to €75k for Irish Child Protection Agency Tusla

The Irish child and family protection agency, Tusla, has been sanctioned with a €75,000 fine by the Data Protection Office due to the results of an investigation of three cases where information about children was wrongly shared to unauthorized people.
As a result, Tusla is now the first organisation in Ireland to be fined in relation to a breach of the General Data Protection Regulation (GDPR). This particular fine is linked to a number of cases where privacy was violated. In one instance, a mother and child’s contact and location data was sent to an alleged abuser. In other cases information regarding children in foster care was illegally shared with blood relatives.

The submission of a case in the Circuit Court by the Data Protection Commission (DPC) last week confirms the fine. Governmental or State entities can be sanctioned with fines as high as €1m in relation to breaches of GDPR.

A Tusla spokesperson issued a statement which said that the organization will not be appealing the decision of the Data Protection Commission. It said: “Tusla is acutely aware of its responsibilities in relation to the very sensitive data we work with on a daily basis. Such information is generated in several hundred thousand interactions every year.

“We have fully engaged with the DPC in their three investigations which are largely based on breaches identified by Tusla and reported to the DPC in a timely fashion. The main focus of our work with the DPC is in setting out improvement plans and more importantly implementing those. These reforms do take time in a complex and challenging environment.”

Lastly, the spokesperson said that the group is also facing two other data breach investigations but would no be commenting on those cases currently.

In relation to this she said: “We want to assure the public, as we did in February when these investigations were referred to in the DPC annual report 2019, that we are not waiting for the investigation reports to formally conclude before making improvements which are ongoing in an extensive programme.”

HIPAA Violation Penalties

Most Common HIPAA Violations Causes