Show Search Form

Search Results

registered interest	true false
date	exactly: or between: and
answering body
answering dept id
answering dept short name
answering dept sort name
hansard heading
house id
legislature	pref label
question text
tabling member constituency
tabling member printed
uin
answer	is ministerial correction true false date of answer exactly: or between: and answer text answering member constituency answering member printed question first answered answering member label
tabling member	label

Search

1029557

registered interest
date	20/12/2018
answering body	Cabinet Office
answering dept id	53
answering dept short name	Cabinet Office
answering dept sort name	Cabinet Office
hansard heading	Government Departments: Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Minister for the Cabinet Office, pursuant to the Answer of 20 December 2018 to Question 202801, for what reason no reference was made in that Answer to the number of Government Departments which use (a) a system for identifying external emails to recipients and (b) a protocol for timely staff reporting of suspicious emails.
tabling member constituency	Leigh
tabling member printed	Jo Platt
uin	204633
answer	answer is ministerial correction date of answer 07/01/2019 answer text <p>Cabinet Office does not hold this information centrally. It is the responsibility of each government department to manage how they receive external emails and report suspicious emails based on their security requirements. Domain-based Message Authentication Protocol (DMARC) is the system in which Departments identify external email.</p><p>The NCSC provides guidance and support to government departments on how to implement good cyber hygiene for staff, including the reporting of suspicious emails of which Cabinet Office have no central record of these figures.</p> answering member constituency Aylesbury answering member printed Mr David Lidington question first answered 07/01/2019 17:25:19 answering member 15 label Biography information for Sir David Lidington
tabling member	4673 label Biography information for Jo Platt

1027224

registered interest
date	17/12/2018
answering body	Cabinet Office
answering dept id	53
answering dept short name	Cabinet Office
answering dept sort name	Cabinet Office
hansard heading	Government Departments: Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Minister for the Cabinet Office, how many Government Departments use (a) a domain message authentication reporting and conformance cybersecurity system (b) a system for identifying external emails to recipients and (c) a protocol for timely staff reporting of suspicious emails.
tabling member constituency	Leigh
tabling member printed	Jo Platt
uin	202801
answer	answer is ministerial correction date of answer 20/12/2018 answer text <p>Active Cyber Defence (ACD) is a collection of services implemented by the NCSC that aim to protect the UK from the high-volume commodity attacks that affect people’s everyday lives. Mail Check is one of these services which enables an organisation to authenticate the email they send so that a receiver can determine if it is genuine or fake using Domain-based Message Authentication Protocol (DMARC). The NCSC plans to implement Mail Check for all 44 Central Government departments - in December 2018 95% were actively using Mail Check and 80% had adopted a basic DMARC policy.</p> answering member constituency Aylesbury answering member printed Mr David Lidington question first answered 20/12/2018 15:33:07 answering member 15 label Biography information for Sir David Lidington
tabling member	4673 label Biography information for Jo Platt

1024009

registered interest
date	12/12/2018
answering body	Cabinet Office
answering dept id	53
answering dept short name	Cabinet Office
answering dept sort name	Cabinet Office
hansard heading	Government Departments: Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Minister for the Cabinet Office, pursuant to the Answer of 27 November 2018 to Question 196203 and with reference to the Government's Technology Code of Practice principles Cloud First policy, whether it is Government policy to prevent any government department or service from storing cloud-based data hosted in any specific nation states.
tabling member constituency	Leigh
tabling member printed	Jo Platt
uin	201721
answer	answer is ministerial correction date of answer 07/01/2019 answer text <p>Neither the Technology Code of Practice nor the Cloud First Policy directly prevent government departments or services from storing cloud based data in any specific nation state. It is the responsibility of each government department to take risk-based decisions about their use of cloud providers for the storage of government data.</p> answering member constituency Aylesbury answering member printed Mr David Lidington question first answered 07/01/2019 17:16:11 answering member 15 label Biography information for Sir David Lidington
tabling member	4673 label Biography information for Jo Platt

1015347

registered interest
date	27/11/2018
answering body	Cabinet Office
answering dept id	53
answering dept short name	Cabinet Office
answering dept sort name	Cabinet Office
hansard heading	Government Departments: Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Minister for the Cabinet Office, what factors are taken into consideration when decisions are taken on storing government data by contracted private sector cloud companies.
tabling member constituency	Leigh
tabling member printed	Jo Platt
uin	196203
answer	answer is ministerial correction date of answer 03/12/2018 answer text <p>In order to establish the merits of storing government data with a contracted private sector cloud company, departments should use the <a href="https://www.gov.uk/government/publications/technology-code-of-practice/technology-code-of-practice" target="_blank">Technology Code of Practice </a>principles and follow the government <a href="https://www.gov.uk/guidance/government-cloud-first-policy" target="_blank">Cloud First policy</a>. Both of these policies provide clear guidelines of the things a department should consider, recognising that there is not one single solution for all departments.</p><p> </p><p>It is the responsibility of each government department to take risk-based decisions about their use of cloud providers for the storage of government data up to “OFFICIAL” level. When considering a commercial provider, departments should take into account the cloud security principles developed by the National Cyber Security Centre (<a href="https://www.ncsc.gov.uk/guidance/implementing-cloud-security-principles" target="_blank">https://www.ncsc.gov.uk/guidance/implementing-cloud-security-principles</a>).</p><p> </p><p>Finally, the solution must provide the best value for the taxpayer.</p> answering member constituency Hertsmere answering member printed Oliver Dowden question first answered 03/12/2018 16:36:01 answering member 4441 label Biography information for Oliver Dowden
tabling member	4673 label Biography information for Jo Platt

1000229

registered interest
date	02/11/2018
answering body	Cabinet Office
answering dept id	53
answering dept short name	Cabinet Office
answering dept sort name	Cabinet Office
hansard heading	Government Departments: Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Minister for the Cabinet Office, how many data breaches were reported by each Government department to the Government Security Group in each of the last four years.
tabling member constituency	Leigh
tabling member printed	Jo Platt
uin	187361
answer	answer is ministerial correction date of answer 12/11/2018 answer text <p>Cabinet Office does not require central reporting of data breaches by government departments.</p><p> </p><p>The <a href="https://www.gov.uk/government/publications/the-minimum-cyber-security-standard" target="_blank">minimum cyber security standard</a> outlines the communications required by a department when there is a security incident that impacts on sensitive information or key operational services.</p><p> </p><p>The Government Security Group would be involved in the response to a category one or two</p><p>cyber security incident impacting a central government department(s), however to date an incident of this type has not occurred.</p><p> </p><p>The <a href="https://www.ncsc.gov.uk/news/annual-review-2018" target="_blank">National Cyber Security Centre’s Annual Report (2018)</a> provides the total number of incidents it has dealt with over the past year.</p> answering member constituency Aylesbury answering member printed Mr David Lidington question first answered 12/11/2018 09:37:31 answering member 15 label Biography information for Sir David Lidington
tabling member	4673 label Biography information for Jo Platt

997215

registered interest
date	29/10/2018
answering body	Cabinet Office
answering dept id	53
answering dept short name	Cabinet Office
answering dept sort name	Cabinet Office
hansard heading	Government Departments: Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Minister for the Cabinet Office, how many data breaches were recorded by each government department in each of the last four years.
tabling member constituency	Leigh
tabling member printed	Jo Platt
uin	185107
answer	answer is ministerial correction date of answer 01/11/2018 answer text <p>The Cabinet Office does not require central Government Departments to report their personal data breaches and so does not hold this information centrally.</p><p> </p><p>In June of 2018 the Minimum Cyber Security Standards were published requiring each department to have a plan to reporting data breaches. It states that</p><p><em> </em></p><p><em>Departments shall have communication plans in the event of an incident which includes notifying (for example) the relevant supervisory body, senior accountable individuals, the Departmental press office, the National Cyber Security Centre (NCSC), Government Security Group (Cabinet Office), the Information Commissioner’s Office (ICO) or law enforcement as applicable (not exhaustive).</em></p><p> </p> answering member constituency Aylesbury answering member printed Mr David Lidington question first answered 01/11/2018 12:16:49 answering member 15 label Biography information for Sir David Lidington
tabling member	4673 label Biography information for Jo Platt

997216

registered interest
date	29/10/2018
answering body	Cabinet Office
answering dept id	53
answering dept short name	Cabinet Office
answering dept sort name	Cabinet Office
hansard heading	Government Departments: Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Minister for the Cabinet Office, what recent estimate he has made of the number of separate teams or organisations throughout government tasked with protecting information or monitoring data breaches.
tabling member constituency	Leigh
tabling member printed	Jo Platt
uin	185108
answer	answer is ministerial correction date of answer 01/11/2018 answer text <p>The Cabinet Office does not record centrally the number of separate teams or organisations tasked with protecting information or monitoring data breaches. However, the Government Chief Security Officer (GSCO) is ensuring that each department has a Senior Security Advisor responsible for advising their boards on security risks and appropriate steps to mitigate them.</p> answering member constituency Aylesbury answering member printed Mr David Lidington question first answered 01/11/2018 15:38:42 answering member 15 label Biography information for Sir David Lidington
tabling member	4673 label Biography information for Jo Platt

746238

registered interest
date	28/06/2017
answering body	Cabinet Office
answering dept id	53
answering dept short name	Cabinet Office
answering dept sort name	Cabinet Office
hansard heading	Government Departments: Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Minister for the Cabinet Office, what estimate he has made of the number of data breaches across central Government Departments in (a) 2015-16 and (b) 2016-17.
tabling member constituency	Sheffield, Heeley
tabling member printed	Louise Haigh
uin	1759
answer	answer is ministerial correction date of answer 03/07/2017 answer text <p>The Cabinet Office does not require Central Government Departments to report their personal data breaches and so does not hold this information centrally. Each department is accountable to Parliament for the protection of data that they hold. Departments formally report data breaches to the Information Commissioner’s Office where appropriate and record these breaches in their Annual Reports.</p> answering member constituency Romsey and Southampton North answering member printed Caroline Nokes question first answered 03/07/2017 15:07:08 answering member 4048 label Biography information for Caroline Nokes
tabling member	4473 label Biography information for Louise Haigh

573993

registered interest
date	02/09/2016
answering body	Cabinet Office
answering dept id	53
answering dept short name	Cabinet Office
answering dept sort name	Cabinet Office
hansard heading	Government Departments: Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Minister for the Cabinet Office, what steps he is taking to ensure that government departments and executive agencies return people's personal identification documents by secure delivery.
tabling member constituency	North Swindon
tabling member printed	Justin Tomlinson
uin	44862
answer	answer is ministerial correction date of answer 09/09/2016 answer text <p>Personal identification documents can be requested by departments to verify an individual’s identity for a service that they provide. It is for each department to determine the most appropriate method for returning these documents to the individual, taking into account the risk of loss and potential for fraud. Departments that regularly handle personal identification documents are expected to have clear procedures in place to return documentation to the owner.</p><p>The government has also launched ‘Verify’ on the GOV.uk website. As more government services are provided online and using the Verify service, the need for personal identity documents to be sent in hard copy through the postal network will be reduced.</p> answering member constituency Ipswich answering member printed Ben Gummer question first answered 09/09/2016 12:26:26 answering member 3988 label Biography information for Ben Gummer
tabling member	4105 label Biography information for Justin Tomlinson

438088

registered interest
date	14/12/2015
answering body	Cabinet Office
answering dept id	53
answering dept short name	Cabinet Office
answering dept sort name	Cabinet Office
hansard heading	Government Departments: Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Minister for the Cabinet Office, on how many occasions Government departments have reported an information security breach since 2010.
tabling member constituency	Sheffield, Heeley
tabling member printed	Louise Haigh
uin	20079
answer	answer is ministerial correction date of answer 17/12/2015 answer text <p>Information regarding information security breaches is held by individual departments.</p><br /> answering member constituency West Suffolk answering member printed Matthew Hancock question first answered 17/12/2015 17:01:54 answering member 4070 label Biography information for Matt Hancock
tabling member	4473 label Biography information for Louise Haigh