Skip to main content

Departmental Data Protection

Volume 489: debated on Tuesday 17 March 2009

To ask the Secretary of State for Defence (1) what IT security strategy his Department has in place; what steps are being taken to ensure the strategy is being followed; what policy is in place on the use of encryption when data are sent externally; and what sanctions are in place for use should the policy not be followed; (259003)

(2) what IT security policy his Department has; what procedures are in place to ensure the policy is being followed; what his Department's policy is on encryption of data when it leaves departmental premises; and what sanctions are in place for failure to comply with this policy.

[holding answer 26 February 2009]: Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.

The Department is compliant with the security policies contained in the Government Security Policy Framework including those for information security and assurance. Depending upon the circumstances, a range of sanctions are available including disciplinary or administrative action, and in extreme or persistent cases, termination of employment/services and, if appropriate, criminal proceedings.

To ask the Secretary of State for Defence how many civil servants in his Department have been (a) investigated, (b) suspended and (c) dismissed for (i) losing and (ii) deliberately disclosing (A) data stored on departmental equipment and (B) confidential information in each year since 1997. (263650)

I refer the hon. Member to the answer I gave on 15 December 2008, Official Report, column 333W, to the hon. Member for Chesterfield (Paul Holmes).