I refer the hon. Member to the statement made by right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179. The review by the Cabinet Secretary and security experts is looking at procedures within Departments and agencies for the storage and use of data. A statement on Departments' procedures will be made on completion of the review. An interim progress report on the review was published on 17 December by the Cabinet Office through a written ministerial statement, column 98WS.
My Department is reviewing the way it handles data alongside the work being carried out by the Cabinet Secretary which will be published in due course.
I refer the hon. Member to the statement made by right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179. The review by the Cabinet Secretary and security experts is looking at procedures within Departments and agencies for the storage and use of data. A statement on Departments' procedures will be made on completion of the review. An interim progress report on the review was published on 17 December by the Cabinet Office through a written ministerial statement, column 98WS.
No information is available on the number of times that confidential data has been downloaded onto compact discs. Downloading, transport, exchange and delivery of sensitive data, and the recording of these actions, is governed by agreed procedures in line with HM Government standards. My Department's main information systems have been designed to operate at a level of security that covers the requirements for handling personal information.
There is no standard set of rules and procedures required for compliance with the Data Protection Act 1998. What is appropriate will depend on the circumstances and the nature of the personal data itself. Accordingly, data protection measures are specific to location, type and sensitivity of the data in question. There is no overarching set of rules and the Department follows HM Government procedures for assessing risks and establishing controls. Therefore the information requested is not held centrally and could be provided only at disproportionate cost.
The definition of ‘breach' in data protection rules and procedures can be broad. Depending on their nature, breaches by Government Departments of the Data Protection Act can be dealt with by the information commissioner, the courts or by Departments at an informal local level. The information requested is not held centrally and could be provided only at disproportionate cost.
I refer the hon. Member to the statement made by right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179. The review by the Cabinet Secretary and security experts is looking at procedures within Departments and agencies for the storage and use of data. A statement on Departments' procedures will be made on completion of the review. An interim progress report on the review was published on 17 December by the Cabinet Office through a written ministerial statement, column 98WS.
Like all Government Departments, mine provides training to members of staff. It is included in induction for new staff and ad hoc training events where a specific need exists. The information requested on data protection training at (i) and (ii), and for parts (a) and (b) of this question is not held centrally and could be provided only at disproportionate cost.
There are no recorded instances of employees in my Department being investigated for improperly accessing confidential information in the last 12 months.
I refer my right hon. Friend to the statement made by right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179. The review by the Cabinet Secretary and security experts is looking at procedures within Departments and agencies for the storage and use of data. A statement on Departments' procedures will be made on completion of the review. An interim progress report on the review was published by the Cabinet Office through a written ministerial statement on 17 December 2007, Official Report, column 98WS.
Our new DISC contract, which covers the main HQ, court and tribunal systems, covers security requirements, referring to HMG standards and ISO 17799 (and updates to both) and includes operating procedures covering the carriage of bulky protectively marked assets.
Paper records, when no longer current, are stored in a secure archive. After no later than 30 years, they are reviewed and either transferred under controlled transport arrangements to the National Archive or destroyed.
I refer the hon. Member to the statement made by right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179. The review by the Cabinet Secretary and security experts is looking at procedures within Departments and agencies for the storage and use of data. A statement on Departments' procedures will be made on completion of the review. An interim progress report on the review was published by the Cabinet Office through a written ministerial statement on 17 December 2007, Official Report, column 98WS.
All Government Departments are required to ensure that their information technology and data management systems meet the Government standard (known as HMG Infosec Standard 2) which is aligned to BS7799. All MoJ systems comply with the government standard, and are therefore BS7799 compliant.
I refer the hon. Member to the statement made by right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179. The review by the Cabinet Secretary and security experts is looking at procedures within Departments and agencies for the storage and use of data. A statement on Departments’ procedures will be made on completion of the review. An interim progress report on the review was published by the Cabinet Office through a written ministerial statement on 17 December 2007, Official Report, column 98WS.
My Department does not maintain a central record of breaches of data protection security reported to the Information Commissioner. However, in the last year, I can say that my Department has reported three potential breaches to his office.
The Information Commissioner’s office does not keep records of referrals referenced by Department.
The information requested about the last five years is not held centrally and could be provided only at disproportionate cost.
I refer the hon. Member to the statement made by right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179. The review by the Cabinet Secretary and security experts is looking at procedures within Departments and agencies for the storage and use of data. A statement on Departments’ procedures will be made on completion of the review. An interim progress report on the review was published by the Cabinet Office through a written ministerial statement on 17 December 2007, Official Report, column 98WS.
Depending on their nature, breaches by my Department of the Data Protection Act 1998 can be dealt with by the Information Commissioner, the courts or by my Department at an informal local level. The information requested about the last five years is not held centrally and could be provided only at disproportionate cost.
However, in the last year, I can say that my Department has reported three potential breaches to the Information Commissioner’s office.
I refer the hon. Member to the statement made by right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179. The review by the Cabinet Secretary and security experts is looking at procedures within Departments and agencies for the storage and use of data. A statement on Departments' procedures will be made on completion of the review. An interim progress report on the review was published by the Cabinet Office through a written ministerial statement on 17 December 2007, Official Report, column 98WS.
The review will include data transport arrangements.
We use TNT as the provider of an archive service for paper records. This is an MoD contract that provides a secure storage facility and is used by MoJ Headquarters, the courts, some tribunals and the prison service. After no later than 30 years, records are reviewed and either transferred under controlled arrangements to the National Archive or destroyed.
Business units select a delivery firm to take records to the Archive and there is a tight security control to ensure all records are accounted for. TNT are only involved in transport if business units have requested old records back or when they are being returned to our Records Management Service for review.
A small number of incidents have been investigated and no security breach involving loss of information from the Department was found to have occurred.