Departmental Data Protection

Paul Holmes
To ask the Secretary of State for the Home Department how many times (a) her Department and (b) the UK Border Agency lost or misplaced databases containing data on (i) British citizens and (ii) foreign nationals in each year since 1997; and what information relating to how many people was held on each such database.

Mr. Woolas
Since November 2007, any personal data losses are reported to the Information Commissioner. Home Office data is not available for earlier years.

The Home Office has publicised details of personal data-related incidents notified to the Information Commissioner’s Office in 2007-08 in its resource accounts published in August 2008. In the first half of 2008-09 a notification was made to the Information Commissioner regarding the PA Consulting data loss incident.

The Identity and Passport Service has published details of the personal data-related incidents notified to the Information Commissioner’s Office in 2007-08 in its annual report and accounts published on 26 June 2008. In the first half of 2008-09 no notifications were made to the Information Commissioner.

The Criminal Records Bureau did not report any notification of loss or mishandling of any personal data to the Information Commissioner’s Office for the period 2007-08 or for the first half of 2008-09.

Mr. Vara
To ask the Secretary of State for the Home Department when her Department appointed a senior information risk owner in accordance with the report, Data Handling Procedures in Government and the accompanying document Cross-departmental Actions: Mandatory Minimum Action; when the appointment was made; and what grade the person holds within the Department.

Mr. Woolas
The senior information risk owner (SIRO) for the Home Office was appointed in April 2005. She is a board level director-general. The role fully accords with the recommendations contained in the report on Data Handling Procedures in Government published in June 2008.

Anne Main
To ask the Secretary of State for the Home Department if she will place in the Library a copy of her Department's IT security hierarchy.

Mr. Woolas
Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.

It is not in the interest of the security of the Department, or that of the public, to disclose detailed information pertaining to electronic breaches of security of Department’s IT systems. Disclosing such information would enable criminals and those who would attempt to cause disruptive threats to the Department to deduce how to conduct attacks and therefore potentially enhance their capability to carry out such attacks.