Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework and the Data Handling Report produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.
DECC can confirm that no officials have been disciplined or dismissed for breaches of data protection requirements or inappropriate use of personal or sensitive data in the last 12 months.
If staff are found to have been responsible for a serious breach of data security procedures, dependent upon the circumstances, a range of sanctions are available including disciplinary or administrative action, and in extreme or persistent cases, termination of employment/services and, if appropriate, criminal proceedings.
DECC operate within the following Cabinet Office frameworks in respect of data security:
Mandatory requirement 12 of the HMG Security Policy Framework, published in December 2008 states that Departments and Agencies must provide all staff with guidance on the Data Protection Act and other legislation which affects their role. Reference:
www.cabinetoffice.gov.uk/spf/mandatory_requirements/mrl2.aspx
Mandatory requirements 31 to 49 of the HMG Security Policy Framework published in December 2008 includes measures that Departments must put in place in relation to information security and assurance. Reference:
www.cabinetoffice.gov.uk/spf7sp4_isa.aspx