To ask the Secretary of State for Transport what processes are in place to ensure that staff of her Department and its agencies have only the security access to data required to do their job. (176934)

The guiding principle used by the Department and its agencies for access to data is that of ‘Need to know’, consistent with the Cabinet Office Manual of Protective Security.

The Department and its agencies make use of both physical and electronic controls to restrict access to sensitive data including user identification, password protection and access restrictions based on user roles.

In addition to the basic checks performed for all personnel, a number of roles require users to have been security cleared to the appropriate level, consistent with the sensitivity of the data to which they require access.

The Department takes data security extremely seriously and is actively participating in the Cabinet Secretary’s review of this matter.