Skip to main content

Departmental Data Protection

Volume 494: debated on Wednesday 17 June 2009

To ask the Secretary of State for the Home Department how many breaches of security have been reported at the (a) Criminal Records Bureau, (b) Identity and Passport Service and (c) UK Border Agency and its predecessors in the last five years; and what procedures each agency follows when a breach of security involves the disclosure of personal data. (276952)

Except in exceptional cases, where it is in the public interest, it has been the policy of successive Governments not to comment on breaches of security. The Home Office and agencies take all breaches of security including unauthorised disclosure of personal data, very seriously. The Home Office and agencies have measures/policies in place to prevent misuse or abuse of official systems and to detect it where it does occur. Unauthorised disclosures of personal data are both a breach of security and a breach of the civil service code.

The Home Office and agencies are committed to investigating any such breaches and will deal with them in the strongest manner. Depending on the circumstances a range of sanctions are available including disciplinary action, and in extreme or persistent cases, termination of employment/services and, if appropriate, criminal proceedings.

The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.