In common with other public bodies, ComReg works with external service providers to support its use of information technology.
It is a priority for ComReg to ensure the integrity and confidentiality of its data and of any data belonging to third parties that is in ComReg’s possession. ComReg’s contracts with IT service providers contain strong provisions related to the protection of confidential data. ComReg’s IT operational processes include appropriate arrangements for official authorisation and auditing of data access. In addition, section 24 of the Communications Regulation Act 2002 provides that it is a criminal offence to disclose confidential information where not authorised by ComReg.
ComReg notes that on 6 January eir and Evros technology Group announced that those companies have agreed to merge the two entities into one company in the coming weeks, subject to clearance from the Competition and Consumer Protection Commission.
Evros is a provider of managed IT services to ComReg and eir is an entity regulated by ComReg. ComReg acknowledges that stakeholders may therefore have concerns about the continued and necessary protection of confidential data they provide to ComReg.
As a first step, ComReg has reminded both parties of their contractual and other legal obligations in respect of the security and confidentiality of data.
ComReg is also engaged with its independent IT security and IT risk adviser as well as having discussions with Evros and eir to ensure that all necessary and appropriate additional measures are put in place in the short term to maintain continued assurance of the protection of confidential data.
Finally, ComReg is reviewing the longer-term future of its relationship with Evros.