Schedule 2 - Activities liable to control under the Act
Private Security Industry Bill [Lords]
6:45 pm
Mr John Bercow (Buckingham, Conservative)
I am certainly not an enthusiast for the corporate state, but that does not in any way preclude me from recognising the significant expertise as well as the representative character of the Confederation of British Industry. It is concerned, as I think the Minister will acknowledge, that the Bill could have a damaging impact upon the IT industry, and could hinder the Government's aim to make the United Kingdom the best place in the world in which to conduct e-business.
The argument is simple. The current wording of the Bill necessitates the amendment, as it is unclear whether the Bill covers people working in information technology such as systems administrators and IT support staff, whose duties range from the building of firewalls to the protection of a network from attack to educating employees on what sort of passwords to use. Given the difficulty that some businesses already have in recruiting specialised and experienced IT professionals, any proposal that endangers that species and makes their recruitment more difficult would exacerbate the present problem and should, if at all possible, be avoided by the Government.
We all know that there was extensive consultation in advance of the introduction of the Bill. We do not dispute that, and we have debated the Bill on many occasions. However, that consultation—quite properly—was with the organisations that it was envisaged would be affected by the Bill. The IT security sector did not originally expect to be affected and had no reason to think that the Government wanted it to be. However, it is now anxious that it might be.
That is a problem. The drafting of the Bill has seemingly inadvertently drawn in the IT security industry, as my hon. Friend the Member for Surrey Heath explained during our deliberations last week. Paragraph 5 defines the activities of security consultants as falling under the designated activities of clause 3, the conduct of which without a licence will be against the law. Security consultants are defined as those who give advice about taking security precautions or engaging security operatives. The wording makes no distinctions between physical and information security, or between tangible and intangible assets.
It therefore appears possible—I put the point no more strongly than that—that information security consultants, as no specific distinction is made between them and others, and they are not consciously excluded, could fall within the scope of the Bill, as bouncers and wheelclampers do. IT security consultants are not mentioned—the Minister will not dispute that, as it is an incontrovertible fact—in the exemptions to paragraph 5, which, as we know from debate, include exemptions for those giving legal and financial advice and for the activities of an accountancy body.
The inclusion of the IT sector is undesirable if it is deliberate, but in a sense is even more so if it is not deliberate. If it happens by default, that is deeply regrettable, as it would mean that no protection of the sector would have been provided alongside the regulatory mechanisms that the Government have decided are appropriate. We want inclusion by inadvertence even less than we want deliberate inclusion. IT security consultants could be licensed under a Bill that has been drafted without their being consulted.
The Minister will not be surprised by the fact that I want to refer to remarks that he made on Second Reading. He said that the Government had no current intention of bringing
``the information security industry within the scope of the new licensing regime established by the Bill''.—[Official Report, 28 March 2001; Vol. 366, c. 974.]
He went on to insert a significant and—from our point of view, and especially from the industry's—worrying caveat. It was that the Department of Trade and Industry would consult on whether that should be done in future. If it decided so to do, all that would then be required would be to impose a licensing requirement on the information security industry via secondary legislation. An unconsulted sector that did not expect to be threatened would find that it was, and would have precious little, if any, opportunity to do anything about it. The sledgehammer of secondary legislation would bring in regulation, direction and control that the industry never expected to be on the receiving end of.
As the Minister knows, the Confederation of British Industry believes, according to its parliamentary brief, that
``the information security industry . . . Should not be included in a Bill on which it was not consulted . . . Should not be the subject of secondary legislation when it hasn't been consulted on the relevant primary legislation . . . Should not have to show that regulation of this sector isn't needed when those proposing''
legislation, or allowing for it,
``have not had to make the case that it is''.
It further states that the sector
``Should not be potentially subject to a licensing regime that has come about through oversight rather than a considered and intentional government policy''.
Those reasons are cogent. The brief says:
``The CBI urges the Standing Committee to amend Schedule 2(5) to include an explicit exemption of IT security consultants. Although the secondary legislation can be drafted to exclude IT security consultants, the fact that the primary legislation was never intended to include IT security in the first place makes it preferable to amend the Bill itself.''
That way, we would have an assurance. The sector would have the greater peace of mind that it should enjoy. We ought to be conscious that we have significant power to affect the sector in this place. That power should be used for good and not for ill. I hope that the Committee will act immediately to end the confusion and uncertainty and remove a potential barrier to e-business.
At an earlier stage, there was some publicity about the CBI's concerns about the Bill. I hope that the Minister will take careful note of what the head of e-business of that organisation, Mr. Hickson, was quoted as saying, which was that he fears that the Government have
``gone from never having even dreamed of licensing IT security professionals, to proposing it by accident, to essentially challenging the industry to say why the profession shouldn't be licensed''.
That seems to be an inversion of responsibility.
I have tried to make important arguments as briefly as I can. I look forward to the Minister's reply. I am conscious of the fact that—I expect a cheer—this will be my last contribution in the Committee, so I thank you, Mr. Winterton, warmly and genuinely, for your fair, firm, tolerant and robust chairmanship. I say that to someone who I hope is now widely acknowledged in the House of Commons as one of the finest parliamentarians of our time.