All organisations that use the National Incident Management System (NIMS) are legally required, under the Irish Data Protection Acts 1998 and 2003, to ensure the security and confidentially of the information held, or processed by them, on behalf of its employees, visitors, patients, service users, students, prisoners, members of the public, etc. The purpose of this guidance is to provide information concerning the obligations and responsibilities of both Delegated State Authorities (DSAs) and the SCA in the use and management of data on NIMS. Failure to adhere to these obligations and responsibilities may result in the unauthorised disclosure or theft of NIMS data, fraud, compromise an organisations objectives and or mandate and possible legal prosecutions or actions.
In anticipation of the General Data Protection Regulation (GDPR), which is to be promulgated in 2018, the SCA is commencing a further detailed review of all data protection issues in respect of NIMS and its use. Further detailed guidance will be provided in respect of the outcome of this review in due course and it is intended there will be direct engagement with all DSAs who use NIMS to ensure both your organisation and the SCA fully comply with all data protection requirements in respect of NIMS.
© 2017 National Treasury Management Agency