To ask the Secretary of State for Environment, Food and Rural Affairs what IT security strategy his Department has in place; what steps are being taken to ensure the policy is being followed; what policy is in place on the use of encryption when data are sent externally; and what sanctions are in place for use should the policy not be followed. (259005)

[holding answer 26 February 2009]: Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures to which Departments must adhere.

DEFRA’s strategy is to implement all mandatory measures and achieve compliance with the new measures as appropriate for the Department’s business purposes.

Guidance to staff is regularly updated and compliance is checked by line managers, information asset owners and internal audit as appropriate.

Secure procedures are in place for transferring protectively marked material outside of the Department.

Depending upon the circumstances, a range of sanctions are available including disciplinary or administrative action, and in extreme or persistent cases, termination of employment/services and, if appropriate, criminal proceedings.