Departmental Data Protection

Anne Main

To ask the Secretary of State for Wales whether his Department uses WPA2 encryption protocol on all its wireless networks. (259808)

The Wales Office does not operate any wireless networks.

To ask the Secretary of State for Wales what auditing his Department undertakes to ensure that IT security policies are being followed; and on how many occasions (a) IT security policies have been breached by employees and (b) a member of staff has been sanctioned for a breach of such policies in the last 12 months. (259809)

The Wales Office's IT services are provided by the Ministry of Justice, which has in place safeguards and auditing capabilities to ensure that IT policies are being followed by staff. No members of Wales Office staff have broken IT security rules in the last 12 months.

To ask the Secretary of State for Wales (1) if he will place in the Library a copy of his Department's IT security hierarchy; (259810)

(2) what scanning for vulnerabilities his Department conducts of each of its IT devices; what method is used for IT device scans; and how many vulnerabilities have been detected as a result of such scans in the last 12 months;

(3) what IT security policy his Department has; what procedures are in place to ensure the policy is being followed; what his Department's policy is on encryption of data when they leave departmental premises; and what sanctions are in place for failure to comply with this policy.

The Wales Office is provided with its IT services by the Ministry of Justice, which is responsible for IT security. Safeguards and audit capabilities are in place to ensure their policies are followed.

When leaving departmental premises, all data are required to be encrypted, and the capability to copy data onto removable media such as CDs or memory sticks is significantly limited. Staff found not to be complying with this policy risk disciplinary action.

Volume 488: debated on Tuesday 3 March 2009