The fine is related to a number of cases where privacy was breached. In one case, a mother and child’s contact and location data was shared with an alleged abuser. In separate cases information regarding children in foster care was improperly given to blood relatives.
The filing of a case in the Circuit Court by the Data Protection Commission (DPC) last week confirms the fine. Governmental or State entities can be sanctioned with fines as high as €1m in relation to violations of GDPR.
A Tusla representative released a statement which said that the organization will not be appealing the decision of the Data Protection Commission.
The statement said: “Tusla is acutely aware of its responsibilities in relation to the very sensitive data we work with on a daily basis. Such information is generated in several hundred thousand interactions every year.”
She went on: “We have fully engaged with the DPC in their three investigations which are largely based on breaches identified by Tusla and reported to the DPC in a timely fashion. The main focus of our work with the DPC is in setting out improvement plans and more importantly implementing those. These reforms do take time in a complex and challenging environment.”
Finally she revealed that the organization is also facing two other data breach investigations but would no be commenting on those cases at this time. She said: “However, we want to assure the public, as we did in February when these investigations were referred to in the DPC annual report 2019, that we are not waiting for the investigation reports to formally conclude before making improvements which are ongoing in an extensive programme.”