Garda data protection officer warns of insufficient resources to carry out role as well as absence of training for staff

An internal audit warned gardaí were at high risk of data breaches involving sensitive information as well as complaints, fines, and sanctions because of a lack of trained staff and resources.

The audit said the data protection officer for the force had warned he did not have adequate resources to do his job and that no comprehensive training had been provided to employees of the wider organisation.

The review identified four areas of high risk for An Garda Síochána in how they handle sensitive personal information like criminal records, CCTV footage, and witness evidence.

It said the absence of up to date polices, procedures, and guidance on processing personal data increased the chances of serious data breaches.

A response from garda management said: “Colleagues in [Garda Internal Audit Service] rightly identify the risks the current policy gaps present to the organisation in respect of breaches, complaints, fines and sanctions.”

It said extra resources were needed to bolster their data protection unit especially around requests for multimedia – like CCTV – which were “complex and resource intensive” to deal with.