1. Deputy Dara Calleary asked the Minister for Public Expenditure and Reform the status of the roll-out of the public service information and communications technology strategy; the amount that has been spent on it to date; the estimated amount to be spent; the security implications and data protection steps that have been taken; and if he will make a statement on the matter. (Question 53464/17 asked on 14 Dec 2017)

Deputy Dara Calleary: I would like to ask the Minister about the status of the public service information and communications technology strategy, particularly the work being done to ensure citizens’ personal data are secure, especially at a time when data privacy is under such a threat.

Minister of State at the Department of Public Expenditure and Reform (Deputy Patrick O’Donovan): The 18 step action plan sets out the approach to implementing the public service ICT strategy and momentum on the 18 steps continues to be maintained under the leadership of the Civil Service ICT Advisory Board and its associated working groups. In addition, last week the Government chief information officer held a joint sectoral meeting with the ICT and business transformation leaders’ group from the Department of Health, the HSE, An Garda Síochána, the Department of Education and Skills and the Department of Housing, Planning and Local Government to look at opportunities for joint working across the broader public service.

The key deliverables which can and should be progressed on a State-wide basis include a first version of a Government digital services gateway, a Government data centre strategy, an open data initiative, the development of common services for Departments and a formal plan for adoption of the use of MyGovID to enable citizen access to public services. The Deputy may also wish to note that many of these actions, particularly the development of MyGovID and the digital services gateway, are encapsulated in the egovernment strategy launched in June and align very well with European Commission developments such as the digital Single Market, the egovernment action plan and the general data protection regulation, GDPR.

It is expected that the Department will have spent €19.1 million in implementing the strategy between 2015 and the end of this year. The expenditure represents both current and capital investment in building and supporting a range of infrastructures such as the Government networks service, the build-to-share common applications and the private Government cloud platforms. A further €7.5 million has been provided in budget 2018 for the roll-out of the strategy.

As the Deputy will be aware, the implementation of the EU general data protection regulation is being led by the Department of Justice and Equality, while the Department of Communications, Climate Action and Environment takes the lead on the issue of cyber security. The Department of Public Expenditure and Reform continues to work closely with the national cyber security centre, the State’s national governmental computer security incident response team. As mentioned, the strategy consists of a range of projects, each of which will ensure the appropriate data protection and cyber security measures are implemented for the services deployed. In delivering the range of initiative the Department operates a strength-in-depth approach to cyber security and protecting ICT systems, infrastructure and services and continues to work to mitigate emerging threats, risks, vulnerabilities and cyber security issues.

Deputy Dara Calleary: The Minister of State says the Department of Justice and Equality is the lead Department. Is the sum of €19.1 million attached to the Department of Justice and Equality or the Minister of State’s Department? Has there been any major cyber attack during the past 12 months on information held by the State? Will the Minister of State give an update on the Data Protection Commissioner’s investigation into the use of the public services card? Has there been engagement on it between the Department and the Data Protection Commissioner?

Deputy Patrick O’Donovan: I will address the last aspect first. Six Governments have been in office since the concept of the public services card came to fruition and almost 3 million cards have been issued to date. As a Government, we are conscious that we want to ensure there will be a single point of entry for those accessing services. We collect the information once, maximise the opportunities to avail of it and continue to roll out the card. As the Deputy will have seen recently, we have further plans in that regard. The card is in complete compliance in the use of the Standard Authentication Framework Environment, SAFE II, and MyGovID. The Department of Public Expenditure and Reform will have €19.1 million to cover the cost involved.

Deputy Dara Calleary: I support the concept of the public services card. Will the Minister of State update me on the Data Protection Commissioner’s investigation? In the past 12 months has there any major cyber attack, of which he is aware, on any Government body?

Deputy Patrick O’Donovan: I am not aware of any such attack. In the context of the data sharing and governance Bill, about which we will consult the Opposition after Christmas when we have dealt with other legislation on which we are consulting it, we will be conscious of the need to take concerns into account. While the Data Protection Commissioner is not going to give a clean bill of health, the commissioner has been given sight of the revised heads of the Bill. We have taken into account what happened in the pre-legislative scrutiny process on governance and data-sharing, the establishment of a governance board and the need to ensure we will have all of the checks and balances required as enunciated both at the committee and directly to the Department. The will be fleshed out further with the Opposition after Christmas.