To ask the Secretary of State for Environment, Food and Rural Affairs how many notifications his Department made to the Information Commissioner in the year ended 30 April 2009 in respect of the loss or mishandling of personal information or data; what was notified in each such case; and how many individuals were the subjects of personal information or data in respect of which such notifications were made. (278743)

Under the mandatory requirements of the Data Handling Report published on 25 June 2008, DEFRA is required to give a summary report on data breaches reported to the Information Commissioner in our annual resource accounts.

DEFRA has reported on personal data breaches in 2007-08 in our 2008 Departmental Report and this can be found at:

http://www.defra.gov.uk/corporate/deprep/2008/index.htm

We will be publishing information on personal data security breaches reported to the Information Commissioner for the 2008-09 reporting year before Parliament rises in July. The information is currently being compiled and is to be audited and verified before it is laid before Parliament.

To ask the Secretary of State for Environment, Food and Rural Affairs how many officials in (a) his Department and (b) its agencies have been (i) disciplined and (ii) dismissed for (A) breaches of data protection requirements and (B) inappropriate use of personal or sensitive data in the last 12 months. (278744)

There have been no staff in the Department for Environment Food and Rural Affairs (DEFRA), or its agencies, who have been disciplined or dismissed for (A) breaches of data protection requirements or (B) inappropriate use of personal or sensitive data in the last 12 months from 1 June 2009.

Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework and the Data Handling Report produced by the Cabinet Office provide a strategic framework for protecting information that Government handles and put in place a set of mandatory measures which Departments must adhere to.

The Civil Service Management Code sets out the requirements for Departments to have procedures in place to deal with conduct and disciplinary issues. DEFRA's procedures are laid down in the staff handbook which all staff can access via the Department's intranet. Before being permitted to access DEFRA's IT systems all users are required to read and agree to a personal commitment statement. This outlines the requirements to follow the Department's security policies which are held on the intranet, including those which relate to the use of e-mail and the internet.

If staff are found to have been responsible for a serious breach of data security procedures, dependent upon the circumstances, a range of sanctions are available including disciplinary or administrative action, and in extreme or persistent cases, termination of employment/services and, if appropriate, criminal proceedings.