Garda Commissioner Nóirín O’Sullivan has confirmed that she used a Gmail address for dealing with Garda business due to restrictions on size and storage on the Garda system.

The Garda has insisted that it is satisfied that “the commissioner’s systems are secure and there is no evidence that they have ever been compromised.”

In a statement issued from Garda Headquarters this evening in response to reports on Sunday, the commissioner confirmed her use of the Gmail address but insisted that there was “due regard to the sensitivity of any information being transmitted in this way”.

All devices issued to gardaí have Gmail installed on them by Garda ICT staff, the statement says, which is necessary to ensure they are constantly secured. The commissioner takes “all recommended security measures” when using Gmail, including “regularly changing the password [and] using a mix of letters, numbers and symbols”, according to the Garda statement.

Updated policy

The statement also says that Garda policy on email dates from 2012 and does not take into account advances in technology, “such as the need for mobile devices to be associated with a commercial email address”.

A updated policy is being prepared, the Garda said. “An Garda Síochána has strict security controls in relation to the use and access to Garda IT systems. Devices issued to the commissioner are secured by secure connections and utilise strong encryption technologies,” noted the Garda statement.

“Access to the Pulse database on any Garda Síochána devices is segregated by secure containers which does not store any Garda data on the device.”

The Garda insisted that Ms O’Sullivan “is well aware of her obligations to protect national security and policing operations and would under no circumstances allow them to be compromised.”

Ministerial response

Meanwhile, Minister of State for EU affairs and Data Protection Dara Murphy has said he is not aware of any “overarching” government policy prohibiting public servants from using web services such as Gmail for official business.

He declined to comment on the specific case involving Ms O’Sullivan, but said his staff urged strong data protection awareness across all ministries and state agencies. Asked what this meant in practical terms, he said it remained up to “individual organisations to make their own determinations”.

“I am not going to give a pronouncement on the rights or wrongs,” he said. “I am not aware there is a Government policy. I haven’t given any thought as to whether what should or shouldn’t be a policy.”