Skip to main content

Data Protection

Volume 470: debated on Thursday 24 January 2008

9. On how many occasions in his Department and its agencies confidential data has been downloaded on to CDs without encryption in the last 12 months; and if he will make a statement. (181418)

There is no central record, as across government the protective marking “Confidential” has a broad specific meaning, and is of a lower order than other security classifications. But it is a very good question, and one of the reasons why the Prime Minister invited Professor Walport to undertake a review of security arrangements across government.

We welcome the ruling by the Cabinet Secretary, Sir Gus O’Donnell, about not taking laptops or computer drives out of offices, but there are many people out there who still believe that the Government have been at best casual and at worst highly irresponsible, and cannot understand why the natural default position is not to encrypt personal data. The Minister has once again repeated her party’s position, hiding behind the report from Kieran Poynter. Does she simply not know the details at this stage? Can she guarantee that the Poynter report will not be slipped out on the eve of a parliamentary recess, and will be accompanied by an oral statement in the House?

I am afraid that the hon. Gentleman prepared his supplementary before he heard my answer to his first question, because I did not refer to Poynter at all. But he brings me to an important point, which is that Her Majesty’s Revenue and Customs instituted new controls. We accept that what happened last November was a grave mistake and that is being corrected. Immediately, HMRC put in controls that required that all customer data transferred by CD be encrypted. I would expect that in his full report, Mr. Poynter will consider how internal processes and culture at HMRC can be strengthened to achieve appropriate data security in the future. The hon. Gentleman can be assured that the House will have the fullest opportunity to comment when Mr. Poynter is ready to report.

I congratulate the Financial Secretary. This is about the first answer to a question relating to data that did not refer to the Poynter report, because the Government have consistently refused to answer perfectly reasonable questions about the missing data, about how many discs have been lost by HMRC, or even HMRC’s tracking procedures with private courier firms, by batting them away, saying that Poynter will report in due course. Given that Poynter will not report for some months, is it not about time that the Government abandoned their brazen attempts to kick the issue into the long grass, treated Parliament with a bit more respect and started answering some questions on this matter?

I do not accept the premise of what the hon. Gentleman says. I take extremely seriously the changes that need to be made within HMRC and that are being made. Kieran Poynter, in his interim report, referred to the fact that many of his immediate recommendations had already been acted upon by HMRC in its immediate response to the circumstances. So the Government and HMRC have given a serious and considered response to the circumstance that HMRC found itself in last November. The matter is being taken extremely seriously indeed, and the House can be assured that Poynter’s final report will be presented to the House, I am sure by an oral statement.