No member of staff has been investigated, suspended or dismissed for losing memory sticks, laptop computers, desktop computers and mobile telephones in the last three years. Information prior to 2005 is not held centrally and to provide such information would incur disproportionate costs.
Identity and Passport Services are the only part of the Home Office that uses wireless functionality on their networks. IPS utilises the WPA2 protocol to protect this wireless network.
Good progress is being made on implementing the mandatory minimum measures set out in the data handling procedures in Government Report published in 2008 (a copy of which is in the House Library) following the review undertaken by Robert Hannigan. These and other mechanisms are being applied across the Home Office to reduce the risks to the security of personal and other sensitive information. These include:
Establishing a board-level senior information risk owner for the Home Office, and counterparts in each of our agencies and non-departmental public bodies;
Establishing an information assurance risk assessment and management process;
Creating a register of all information assets, identifying owners for all those assets and training those owners in managing information handling risks;
Carrying out training and raising awareness amongst all staff;
Setting up a bureau to allow any restricted or personal data that need to be sent, or received from, beyond the secure network to be encrypted;
Restricting the ability to write data to removable media to those that have a business need to do so;
Replacing existing USB sticks with encrypted ones, where they are required; and
Obtaining assurances from delivery partners that they will handle our data in line with the Hannigan requirements.