Security Breaches (Data Loss)

Oral Answers to Questions — Duchy of Lancaster – in the House of Commons at 11:30 am on 12th November 2008.

Alert me about debates like this

Photo of David Heathcoat-Amory David Heathcoat-Amory Conservative, Wells 11:30 am, 12th November 2008

How many electronic breaches of security relating to information held by his Department there were in the last 12 months.

Watch this
Embed this video

Copy and paste this code on your website

Hide

Photo of Tom Watson Tom Watson Parliamentary Secretary (Cabinet Office), Member, Labour Party National Executive Committee

I am sure that the right hon. Gentleman, as a long-serving Member of this House, will appreciate that our disclosure policy is underpinned by advice from security experts. In this area, we are advised that it is not in our security interests to confirm information regarding electronic attacks against Government IT systems.

Watch this

Photo of David Heathcoat-Amory David Heathcoat-Amory Conservative, Wells

Perhaps I could inform the House, if the Minister will not, that over the past 12 months the Information Commissioner has reported 176 admitted breaches of data security by the public sector. That is a shameful record, for which the Government are responsible. Will they now abandon plans for further centralisation of personal data—either for identity cards or intercepts of e-mails and telephone calls—because the Government are plainly incapable of obeying their own laws on personal data security?

Watch this

Photo of Tom Watson Tom Watson Parliamentary Secretary (Cabinet Office), Member, Labour Party National Executive Committee

We are determined to keep the country safe and we will put in place the tools that are required to do the job. The answer to the right hon. Gentleman's question is that he knows that those data losses have taken place because we put forward a disclosure policy, which we believe is the only way to get the necessary culture change in government and in the public sector—although the problem applies to the private as well as the public sector—whereby people's personal data are treated in the same way as people's own money.

Watch this

Photo of Andrew Miller Andrew Miller Chair, Regulatory Reform Committee, Chair, Regulatory Reform Committee

What has happened in respect of the training of public servants since the important reports by Sir Edmund Burton and the Cabinet Secretary? What other steps is the Minister taking to improve public confidence in the Government's handling of private data? Will he ensure that a transparent policy is adopted?

Watch this

Photo of Tom Watson Tom Watson Parliamentary Secretary (Cabinet Office), Member, Labour Party National Executive Committee

My hon. Friend is right: training is at the heart of the matter. I am informed that Her Majesty's Revenue and Customs has trained more than 90,000 of its staff in data handling. In my view, that compares very favourably to the private sector, where a recent survey showed that a third of companies do not even know when they have data losses, whereas the transparency policy that we introduced will lead to a culture change across the whole of the public sector.

Watch this

Photo of Paul Rowen Paul Rowen Shadow Minister, Work & Pensions, Whip

In the light of the number of data losses from public bodies, will the Minister consider increasing the penalties for those who mishandle our data, so that they begin to appreciate just how important it is that private and personal data should be treated as such—and not in the offhand way of many public bodies in the past?

Watch this

Photo of Tom Watson Tom Watson Parliamentary Secretary (Cabinet Office), Member, Labour Party National Executive Committee

I understand the hon. Gentleman's point. The Walport review has looked into the matter and will be reporting back to the House in the months to come.

Watch this

Photo of Francis Maude Francis Maude Shadow Minister (Cabinet Office)

The Cabinet Secretary's report on data handling and security, which was published back in June, admitted that urgent action was needed to improve data security across the Government. Three years earlier, back in 2005, the Walport report, which came from the Government's own Council for Science and Technology, had already recommended a series of changes to Whitehall practice in order to protect people's personal data. Why did the Government not even bother to respond to the report, let alone introduce any of its recommendations for action, which were proposed three years ago?

Watch this

Photo of Tom Watson Tom Watson Parliamentary Secretary (Cabinet Office), Member, Labour Party National Executive Committee

The right hon. Gentleman and I have rehearsed this argument over a number of months. The Government have put in place a series of strong measures to tighten down on data loss, which I think compares favourably to measures in the private sector. We do penetration testing from user-friendly hackers; we restrict access to removable electronic devices; and encryption is now the norm. I say again that, compared to the private sector, where a third of companies do not even know when data loss has happened and 60 per cent. refuse to tell their customers when there has been one, we are leading the way in the public sector. I know that one of the right hon. Gentleman's second jobs is as a banker—banks are notorious for not revealing data losses—so I hope that he is not trying to set one rule for the public sector in his day job and another rule for the private sector in his secondary-income job.

Watch this

Photo of Francis Maude Francis Maude Shadow Minister (Cabinet Office)

I remind the Minister that his responsibility is for data security across government. He will know that one of the recommendations—or, rather, requirements—of Sir Gus O'Donnell's report was for all Departments to introduce privacy impact assessments so that threats to data security could be considered properly. Why, then, has the Home Office refused to provide such an impact assessment for the identity cards project, why has the Department of Health refused to draft one for the NHS Spine project, and why has the Department for Children, Schools and Families refused to provide one for the ContactPoint children's database? How can we trust the Government to protect the privacy of law-abiding citizens when they systematically ignore their own requirements?

Watch this

Photo of Tom Watson Tom Watson Parliamentary Secretary (Cabinet Office), Member, Labour Party National Executive Committee

We have achieved a staggering amount of progress in making data safe in government. We are changing day by day, and thousands of people have been involved in the training project. I ask the right hon. Gentleman to take advice from his hon. Friend Mr. Hurd, who has a secondary job as a consultant for a corporate social responsibility firm that trades under the maxim "Public reporting has become fundamental to a company's trustworthiness"—

Watch this