Skip to main content

Departmental Data Protection

Volume 488: debated on Monday 23 February 2009

To ask the Secretary of State for Defence what percentage of contractors and suppliers to (a) his Department and (b) its agencies have reported that they are compliant with the Government’s security standards following publication of the report, Data Handling Procedures in Government, and the accompanying document, Cross-departmental Actions: Mandatory Minimum Action, on 25 June 2008. (245321)

MOD is a large organisation with a commensurate number of contracts—almost 23,000 contracts were placed in Financial Year 2007-08. MOD is in the process of confirming full compliance with all its suppliers and expects to complete this task by end March. As an initial step those defence contractors who have declared to Defence Security and Safety Assurance (MOD’s Accreditation Authority), a requirement to have a connection to MOD’s restricted network (the RLI) or work electronically at confidential or above, have been asked to confirm their compliance with MOD’s List-X Notice on laptop and media encryption policy, issued in response to the data handling review. Some 73.3 per cent. have confirmed compliance. A further 8.3 per cent. have confirmed that they do not currently comply but have (or are in the process of) submitting risk balanced cases to describe how they are mitigating these risks together with plans to address shortcomings. 18.3 per cent. are still to respond formally and are being hastened.

To ask the Secretary of State for Defence how many reported incidents of lost data there were in his Department in each year from 1987 to 1997. (250736)

This information is not held centrally for the years requested. This information could be provided only at disproportionate cost.