Skip to main content


Volume 623: debated on Wednesday 22 March 2017

1. What recent assessment his Department has made of the effect of the government transformation strategy 2017 to 2020 on cyber-security. (909379)

Cyber-attacks are growing more frequent, sophisticated and damaging. The government transformation strategy will ensure that government protects all its services and products from cybercrime, and will ensure that all systems are designed with cyber-security and appropriate privacy safeguards in place.

I am grateful to the Minister for that answer. Can he reassure us that as the transformation strategy, for very good reasons, puts more and more of our personal data—on our taxes, on our health and so on—online, none of those data will be at risk of ending up in the wrong hands?

I am very grateful to the right hon. Gentleman for making that point. Central to what we are doing is protecting not only the information that government requires to be kept confidential, but, as importantly, the information that citizens require to be kept confidential. That is partly why Verify has been designed so that it protects citizens’ data in the inquires that they make of government.

Last night, I had a very pleasant evening, in Blacks Club, with Dr Helen Stokes-Lampard, the chairman of the Royal College of General Practitioners, who is my own personal GP from Lichfield. She was telling me that NHS data on patients will now be held on the cloud—and this system will work, of course, because individual programmes will access it. But how secure will the cloud be?

My hon. Friend has doctors in high places. All I would say to him is that specific inquiries about NHS digital services should be directed to the Health Secretary, but I shall ensure that my hon. Friend receives a proper reply from him. As for the Government’s general strategy, our purpose is to make sure that we have the most secure government information systems anywhere in the world. That is what lies behind the government transformation strategy and the Government’s cyber-strategy, too.

Is the Government’s strategy on big data not the wrong way round? It is concentrating on big organisations having a central repository of data over people, whereas this should be about an empowering state where individuals have control over their own data—they should not have them held by big organisations.

The Government are seeking to achieve precisely the latter of those things, which is why Verify has been built as it has. It is very important that citizens have complete faith in the data held by government and feel able to interrogate data in the way that is open to them. We are not quite where I would like to be on this yet, but as we design digital services in the future I want to arrive at precisely the point the hon. Gentleman indicates.

Will the Minister update the House on the action he is taking to ensure that businesses are aware of their responsibilities on cyber-security, particularly those businesses that trade with government, so that businesses are safe and government is made safe?

I am grateful to my hon. Friend for raising this important matter. I direct businesses to look at the cyber essentials pack on the National Cyber Security Centre website, which details the essentials of what businesses can do to protect themselves. The NCSC’s purpose is to ensure that businesses that work with government adhere to the same high standards of cyber-security that the Government expect of themselves.