An investigation has been launched after it emerged Tusla accidentally gave a mother and child’s location and contact details to their alleged abuser.
It is one of four major incidents at the Child and Family Agency being investigated by the Data Protection Commission.
According to its annual report, the number of complaints made to the commission rose by 75% to 7,215 last year.
Meanwhile, the number of breaches it was informed of rose by 71%.
The report details the work of the commission in the first full calendar year since the introduction of the EU's new General Data Protection Regulation (GDPR).
Tusla
The commission investigated four breach notifications regarding Tusla in October and November last year.
In one breach, a mother and child’s location and contact details were accidentally given to an alleged abuser.
In another, sensitive personal data was given to a person who had been accused of abuse. The information was later posted on social media.
One of the other breaches saw location and school details of foster parents and children to the children’s grandparent. That led to the grandparent contacting the children.
Finally, the address of children in foster care was given to their imprisoned father, who used it to correspond with them.
The commission is also conducting a wider investigation into the agency regarding a total of 71 personal data breaches. It is currently preparing its draft report.
Church
It has also opened an investigation into the Catholic Church over its refusal to delete member's records.
It said it received several complaints from people who no longer wished to remain members of the church and want their baptism, confirmation and marriage data removed from sacramental registers.
The inquiry is aimed at the Archdiocese of Dublin and began late last year.
GDPR
Data Protection Commissioner Helen Dixon said there have been “many positive changes” since the introduction of GDPR.
“Much more remains to be done in terms of both guiding on proportionate and correct application of this principles-based law and enforcing the law as appropriate,” she said.
“But a good start is half the battle and the DPC is pleased at the foundations that have been laid in 2019.
“We are already expanding our team of 140 to meet the demands of 2020 and beyond.”
At the end of 2019, the commission had 70 statutory investigations underway – including 49 domestic inquiries.
Six statutory inquiries related to multinational technology companies – bringing the total number of cross-border inquiries to 21.