Skip to main content

Departmental ICT

Volume 486: debated on Monday 12 January 2009

To ask the Secretary of State for Work and Pensions with reference to the answer of 26 November 2008, Official Report, column 1960W, on departmental ICT, (1) how many individuals have been disciplined over the loss of the items referred to; (240827)

(2) what steps have been taken to reduce future losses of ICT equipment;

(3) how much has been spent trying to recover the missing items referred to;

(4) which of the items of ICT equipment recorded as lost or stolen had software protection installed; and if he will make a statement;

(5) what assessment he has made of the types of data held on the ICT equipment which has gone missing from his Department since 2001; and if he will make a statement.

The Department takes very seriously its responsibilities to safeguard personal and other sensitive data. In the last 12 months, a number of major changes have been made in the way that data is handled and stored, especially insofar as items of removable equipment (such as laptop computers and memory sticks) are concerned. Significant improvements have been introduced, including the widespread deployment of encryption.

The information about lost and stolen equipment, given in response to the question referred to, was obtained from centrally maintained records of security incidents. Detail is not available from these central records to indicate the nature of disciplinary action that was taken in individual cases. Such information could be obtained only at disproportionate cost, given that the bulk of these incidents occurred a number of years ago. However, the Department is currently reviewing its disciplinary policies to better reflect the importance which it attaches to the security of valuable assets and information.

Following the Cabinet Office Review of Data Handling Procedures in Government, the Department has designated senior staff as information asset owners, who are personally accountable for providing assurance in relation to the information assets within their respective business areas. Additional steps taken to reduce future losses include measures which prevent employees from copying information to removable media, except where this has been encrypted.

Information on the costs of seeking to recover earlier lost or stolen equipment and which of such items had software protection installed is not available and could be provided only at disproportionate cost.

To ask the Secretary of State for Work and Pensions what records his Department keeps of computer (a) software failures, (b) viruses, (c) hacking attacks and (d) denial of service attacks. (241311)

I refer the hon. Member to the written answer the Under-Secretary of State for Work and Pensions (Mr. Timms) gave the hon. Member for Hornchurch (James Brokenshire) on 10 March 2008, Official Report, column 17W.