To ask the Secretary of State for Environment, Food and Rural Affairs pursuant to the answer of 6 February 2012, Official Report, column 80W, on departmental data protection, what data or information was compromised and under what circumstances in each of the five cases of data loss and breaching confidentiality; what steps her Department took in response to each case; and if she will make a statement.
Two of the data loss incidents concerned staff records lost in transit by (i) a mail courier and (ii) loss on a train; the staff affected were made aware of the losses. The third data loss incident involved a list of possible nominees for a specialist panel. This was left on public transport, however it was quickly recovered intact with no compromise of integrity or confidentiality. Where staff members were responsible for the losses, action was taken under the Department's disciplinary procedures.
The two breaches of confidentiality concerned unauthorised disclosures which when investigated were not found to relate to protectively marked information. They had no impact on the business of the Department and did not involve personal data.
The Department takes all cases of data loss very seriously and all reported incidents are investigated by the departmental security officer. DEFRA and its agencies report all critical and significant personal data security breaches to the Cabinet Office and the Information Commissioners Office. Information on personal data security breaches is published on an annual basis in the Department's annual resource accounts.
Additionally all critical and significant control weaknesses, including other critical and significant security breaches, are included in the Statement of Internal Control which is published within the annual resource accounts.
The incidents referred to in this reply all occurred after March 2011 and therefore have yet to appear in published accounts.