(2) what IT security policy his Department has; what procedures are in place to ensure the policy is being followed; what his Department's policy is on encryption of data when it leaves departmental premises; and what sanctions are in place for failure to comply with this policy.
[holding answer 26 February 2009]: Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.
The Department is compliant with the security policies contained in the Government Security Policy Framework including those for information security and assurance. Depending upon the circumstances, a range of sanctions are available including disciplinary or administrative action, and in extreme or persistent cases, termination of employment/services and, if appropriate, criminal proceedings.
I refer the hon. Member to the answer I gave on 15 December 2008, Official Report, column 333W, to the hon. Member for Chesterfield (Paul Holmes).