Written Ministerial Statements
Thursday 21 February 2008
Business, Enterprise and Regulatory Reform
My noble Friend the Parliamentary Under-Secretary of State for Business and Competitiveness has made the following ministerial statement:
The Department for Business, Enterprise and Regulatory Reform has today issued the Government’s response to the House of Lords Select Committee on Regulators report into UK economic regulators.
The report is a helpful and useful addition to the regulatory debate and raises important issues for both Government and the economic regulators covered by the report.
Copies of the response have been deposited in the Libraries of both Houses and published on the BERR website.
Children, Schools and Families
I am publishing today the findings of the independent review of the security procedures of ContactPoint, conducted by Deloitte, and the Government response. I acknowledge Deloitte’s recognition that security is ingrained in the ContactPoint project team’s work. The Government accept all the report’s recommendations and will address them.
ContactPoint is a key element of the “Every Child Matters” programme to transform children’s services by supporting more effective prevention and early intervention. Its goal is to improve outcomes and the experience of public services for all children, young people and families. ContactPoint will provide a tool to support better communication among practitioners across education, health, social care and youth offending. It will provide a quick way for those practitioners to find out who else is working with the same child or young person.
ContactPoint will be a simple basic online tool containing:
minimal identifying information for each child; name, address, date of birth, gender, and contact details for parents or carers. Each child will also have a unique identifying number;
contact details for the child’s educational setting and GP practice and for other practitioners or services working with them; and
an indication as to whether a service or practitioner holds an assessment under the common assessment framework or whether they are a lead professional for that child.
No case information will be held on ContactPoint.
Security is of paramount importance in the development of the ContactPoint. A number of measures will be in place to ensure security:
Access will be restricted to those who need it as part of their work and will be limited to that needed to fulfil each role.
Everyone with access to ContactPoint, including operators or administrators, will be subject to stringent security checks, including enhanced Criminal Records Bureau clearance and membership of the Independent Safeguarding Authority (ISA) scheme.
At least two-factor authentication will be used to access ContactPoint. Users will need a security token and a password.
All users will be trained in the importance of security and the importance of good security practice.
Every access to a child's record will be detailed in the ContactPoint audit trail. This will be regularly reviewed.
Sanctions will be in place for any misuse. These sanctions can include, if appropriate, prosecutions under the provisions of the Data Protection Act and Computer Misuse Act which may lead to fines or imprisonment.
The design and implementation of ContactPoint will continue to be reviewed by independent security experts during system build and before it is implemented. Security will of course be audited during operation.
These issues will be reflected in the guidance and staff training that will govern the operation of ContactPoint.
On 20 November, the Secretary of State for Children, Schools and Families decided to commission an independent review of ContactPoint’s security procedures, and I announced this in a Written Ministerial Statement to Parliament on 27 November. The review was undertaken by Deloitte. The Secretary of State and I received Deloitte’s confidential report in early February. I am today publishing the executive summary of this report, which includes Deloitte’s recommendations. This statement includes the Government’s response to the recommendations. Both this statement and the executive summary will be placed in the Libraries of the House for reference.
The main body of the report necessarily includes information about the security arrangements for ContactPoint. We will not, therefore, publish the full report in order to minimise the kind of security risk our procedures are designed to prevent.
Contactpoint Data Security Review
The Government welcome the report from Deloitte on the ContactPoint data security review. We acknowledge their recognition that security is ingrained in all aspects of the ContactPoint project team’s work. We accept all the report’s recommendations and will address them. The first task is to undertake an impact assessment of the detailed recommendations contained in the report. A statement outlining ContactPoint’s security policy is available from www.everychildmatters.gov.uk/delivering services/contactpoint/security/. The statement will be updated to reflect changes as a result of ongoing work on security, including addressing the recommendations in this report.
The Report’s Recommendations
Clear communication of responsibilities and accountabilities when the governance process is communicated to sponsors and partner organisations
We recognise the need for the Department to communicate clearly to local authorities and partner organisations, who will use ContactPoint, exactly what their responsibilities are and what is required of them. We are developing a comprehensive programme of training, readiness assessments and accreditation checks to ensure these organisations are properly prepared for these responsibilities. The review has identified a number of areas which will be critical to get right as these plans develop. We welcome this advice and will follow it as we finalise our plans.
Technical and procedural controls are subject to formal assurance under a recognised standard
In determining the security policy for ContactPoint, the project followed Government guidance on risk assessment and security controls set out in the manual of protective security. The manual was updated in August 2007. The design of ContactPoint is currently undergoing a re-baselining exercise. Once this is complete, we will fully update the risk assessment against the new criteria and initiate a formal, external assessment to ensure these risks are effectively controlled. The scope of this will include the self-certification and local data quality tool process issues highlighted by the review.
Further controls are introduced over the access to data by central system users such as database administrators and report programmers
The review has correctly identified that we have significant controls in place to ensure the security of the core database, but has identified some areas in which these could be further improved. The ContactPoint project will undertake a rapid impact assessment to determine the most effective approach in our specific context, and will build this into the deployment plan.
Processes are defined for the secure disposal of electronic and hard copy media
Temporary guidance was issued to ensure secure storage and/or disposal of media used for initial load of data into the database. This was effective at the time, and will be reviewed against latest Government-wide best practice to inform standards for production processes. These additional controls will be in place before any data are loaded into the user acceptance test or live systems. The live system will also be designed to minimise, and where possible eliminate, the use of physical media.
Clear guidance about information security matters is provided to all helpdesk staff on the production system
The Deloitte review has highlighted one occasion where helpdesk guidance did not reflect best security practice. Formal helpdesk training has not yet taken place, and training plans will be reviewed to ensure that helpdesk staff are aware of security best practice, including the areas highlighted by the review.
The project board should consider the appropriateness of obtaining formal independent assurance and accreditation of the supporting security operating procedures at connecting organisations before allowing connectivity or sponsorship
The Department is still preparing plans for accreditation of connecting organisations, and will take this recommendation into account as those plans are finalised.
The DCSF participate in Government-wide security initiatives
DCSF is already participating in these initiatives through our chief information officer, especially those focused on data security, privacy and strong user authentication. We will take into account all best practice guidelines arising from this work to keep ContactPoint at the leading edge of security practice.
Culture, Media and Sport
Creative Economic Strategic Document
I will tomorrow launch a strategy for the Creative Economy, in partnership with my right hon. Friend the Secretary of State for Business, Enterprise and Regulatory Reform and the Secretary of State for Innovation, Universities and Skills. Copies of the strategy, “Creative Britain: New Talents for the New Economy”, will be deposited in the Libraries of both Houses.
Our creative industries have grown by 7.3 per cent. over the last decade—around twice the rate of the rest of the economy—and are in a strong position globally as demand for high quality media content in English grows. However, we need to ensure we remain competitive in a growing world market.
Following extensive consultation and discussion with industry, the strategy makes a series of commitments for Government and industry to secure the continuing success of this dynamic sector of the economy. This includes setting out the challenges for these industries, and measures to exploit British talent to the full through education and training, the removal of barriers to business growth, investment in research and innovation and protection of intellectual property.
The Department for Culture, Media and Sport will work closely with BERR, DIUS and other Government Departments to implement the strategy that we hope will adapt and evolve in response to a fast moving sector of our economy.
Foreign National Prisoners
I have for some time been seeking more ways to remove foreign prisoners from our prisons, and to remove them earlier. I believe this will work to the benefit of our system, and today I can bring forward proposals that will help us to do this. The early removal scheme established under the provisions of the Criminal Justice Act 2003 enables the Government to remove foreign national prisoners liable to deportation or administrative removal up to 135 days before the halfway point of their sentence. Since its introduction in June 2004, over 3,000 prisoners have been removed under the scheme. This has made a significant contribution to reducing the number of foreign national criminals in our prisons and on our streets. Given this success, the Government now believe the scheme can contribute more.
As of December 2007 there were 11,310 foreign national prisoners within the prison system, representing 14 per cent. of the total prison population. Foreign national prisoners represent a significant proportion of the prison population, although at 14 per cent. it is low in comparison to most other European countries. Of 17 western European states, the UK’s proportion is the third lowest. France has 21 per cent., Germany 28 per cent., Italy 34 per cent., Greece 42 per cent. and Austria 43 per cent.
The early removal scheme applies only to those foreign national prisoners who are able to be removed to their country of origin. Such prisoners only benefit from the scheme if their removal from the UK can be given immediate effect. We have been working to ensure that arrangements are in place so as to enable us to remove prisoners to their country of origin.
Prisoners serving a life or indeterminate sentence are not eligible to be considered for removal under the scheme. Determinate sentence prisoners serving a sentence of four years and over under the provisions of the Criminal Justice Act 1991 for a sexual or violent offence are removed under the scheme only if the parole board considers that they would present an acceptable risk to the community.
Details of prisoners removed under the scheme are placed on the Home Office’s warnings index. Should they seek to return to the United Kingdom during their sentence they can be detected by the border control officer on arrival at the UK border and returned to prison custody until the point at which they would have been released had they not otherwise been removed.
Based on the successful experience of the last three and a half years, and in particular our increasing experience of and success in securing travel documents from overseas countries and making other arrangements with them that enable us to remove prisoners, I believe the scheme can make an even greater contribution to removing criminals from our shores. I have therefore decided to extend the early removal scheme so as to enable prisoners to be removed 270 days early rather than the current 135. I will be laying the appropriate draft Order, which is subject to the affirmative resolution procedure, and time will be found for a debate shortly.
The measure is entirely consistent with our strategy and with our earlier announcements, and I commend it to the House.