Tusla broke public spending code with €400,000 contract

Child and family agency paid a privacy company to deal with data subject access requests related to data breaches arising from the HSE ransomware attack and the publication of the mother and baby home report

Office of Tusla, the child and family agency, in Dublin. Picture:

The state’s child and family agency broke public spending rules with a contract worth more than €400,000 to a privacy protection firm in order to deal with data breaches arising from the HSE cyber attack.

Figures show that Tusla spent more than €5.3 million in 2021 on contracts for services which were not compliant with national and EU rules around procurement.

Of this spend, some €406,000 went to Pembroke Privacy Limited, a data protection company, ...