Skip to main content

Departmental Data Protection

Volume 508: debated on Thursday 8 April 2010

To ask the Secretary of State for Defence how many incidents of the loss of confidential data held by his Department have been reported (a) in each of the last five years and (b) in each of the last 12 months. (321731)

The Ministry of Defence (MOD) takes any attacks on, or misuse of, its information, networks and associated media storage devices very seriously and has robust procedures in place to mitigate against and investigate such occurrences. Furthermore, new processes, instructions and technological aids are continually being implemented to mitigate human errors and raise the awareness of every individual in the Department with regards to cyber security.

The following tables provide details of the number of reported losses of confidential and personal data centrally reported within the Department from 2005 to 2010. Figures will continue to be adjusted to incorporate subsequent recoveries of items, the reporting of additional losses and subsequent clarification of historic incidents. The following figures reflect the latest data held as of 10 March 2010.

In a number of these cases the documents were historical and so the original protective marking would have been eligible to be considered for downgrading. This would certainly reduce any risk of compromise. A number of these incidents came to light as a consequence of thorough housekeeping activities and revised MOD data management practices. It is likely that a large number of instances relate to records of the destruction of documents not being accurately maintained, rather than documents actually having gone missing.

Reported incidents of the loss of confidential data in each of the last five years

Total

2005

77

2006

130

2007

52

2008

1099

2009

347

The surge in reported incidents from 2008 is largely attributable to two factors. Firstly, there is an increased awareness of the need to report data loss across the Department. Secondly, since the publication of the Data Handling Review and Burton Report, the MOD is now auditing its holdings of both personal data and removable media. This has identified a number of instances where the location of data could not be verified and has therefore been reported as a possible loss—even though in many cases they may have merely been unaccounted for or incorrectly disposed of.

Reported incidents of the loss of confidential data in each of the last 12 months

Month

Total

2009

March

10

April

34

May

24

June

19

July

20

August

32

September

94

October

25

November

21

December

65

2010

January

23

February

48