Tulsa has become the first child and family agency to be fined by the Irish Data Protection Commission for a data breach under the General Data Protection Regulation (GDPR); where information about children was disclosed to unauthorised people in three cases. Tusla was fined 75 000 euro for this privacy breach.
In the first case, the location of a mother and child was disclosed to an alleged abuser; the other two cases involved disclosing data about children in foster care to blood relatives, and to an imprisoned father.
As per the 2019 Irish Data Protection Commissions report, Tusla informed the commission of the data breach violations and an inquiry was launched in October 2019.