The Irish Data Protection Commission issued its first fine for a breach under the General Data Protection Regulation (GDPR) against Tusla, the state's child and family agency, which wrongly disclosed information about children to unauthorised people on three different occasions. The Irish Times first reported this. Tusla was fined €75,000 (~₹61,64,000) for: disclosing the location of a mother and child to an alleged abuser, for disclosing contact, location and school details of foster parents and children to a grandparent resulting in the grandparent making contact with foster parent about the children, and for disclosing address the address of foster children to their imprisoned father who used it to correspond with the children. The Irish Data Protection Commission confirmed the €75,000 fine to MediaNama and sent the following statement: “On Friday [May 15] the DPC lodged papers with the Circuit Court in order to apply to confirm the first fine of the DPC under the GDPR in accordance with Section 143 of the Data Protection Act 2018. This fine follows the completion of an investigation that the DPC commenced in October 2019 in respect of three data breach notifications that it had received from Tusla, Child and Family Agency.” — Irish Data Protection Commission According to the Irish DPC's Annual Report for 2019, Tusla informed the DPC of the data breaches of its own volition, and the DPC launched an inquiry in October 2019, the report of which was issued to Tusla in 2019 itself. Tusla will not contest the fine…
