Skip to main content

Departmental Data Protection

Volume 495: debated on Wednesday 8 July 2009

To ask the Secretary of State for Energy and Climate Change how many officials in (a) his Department and (b) its agencies have been (i) disciplined and (ii) dismissed for (A) breaches of data protection requirements and (B) inappropriate use of personal or sensitive data in the last 12 months. (278726)

Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework and the Data Handling Report produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.

DECC can confirm that no officials have been disciplined or dismissed for breaches of data protection requirements or inappropriate use of personal or sensitive data in the last 12 months.

If staff are found to have been responsible for a serious breach of data security procedures, dependent upon the circumstances, a range of sanctions are available including disciplinary or administrative action, and in extreme or persistent cases, termination of employment/services and, if appropriate, criminal proceedings.

DECC operate within the following Cabinet Office frameworks in respect of data security:

Mandatory requirement 12 of the HMG Security Policy Framework, published in December 2008 states that Departments and Agencies must provide all staff with guidance on the Data Protection Act and other legislation which affects their role. Reference:

www.cabinetoffice.gov.uk/spf/mandatory_requirements/mrl2.aspx

Mandatory requirements 31 to 49 of the HMG Security Policy Framework published in December 2008 includes measures that Departments must put in place in relation to information security and assurance. Reference:

www.cabinetoffice.gov.uk/spf7sp4_isa.aspx