{ "format" : "linked-data-api", "version" : "0.2", "result" : {"_about" : "http://eldaddp.azurewebsites.net/answeredquestions.text?tablingMemberPrinted.=Jo+Platt&session.=2017%2F19&hansardHeading=Government+Departments%3A+Data+Protection", "definition" : "http://eldaddp.azurewebsites.net/meta/answeredquestions.text?tablingMemberPrinted.=Jo+Platt&session.=2017%2F19&hansardHeading=Government+Departments%3A+Data+Protection", "extendedMetadataVersion" : "http://eldaddp.azurewebsites.net/answeredquestions.text?tablingMemberPrinted.=Jo+Platt&session.=2017%2F19&_metadata=all&hansardHeading=Government+Departments%3A+Data+Protection", "first" : "http://eldaddp.azurewebsites.net/answeredquestions.text?tablingMemberPrinted.=Jo+Platt&_page=0&session.=2017%2F19&hansardHeading=Government+Departments%3A+Data+Protection", "hasPart" : "http://eldaddp.azurewebsites.net/answeredquestions.text?tablingMemberPrinted.=Jo+Platt&session.=2017%2F19&hansardHeading=Government+Departments%3A+Data+Protection", "isPartOf" : "http://eldaddp.azurewebsites.net/answeredquestions.text?tablingMemberPrinted.=Jo+Platt&session.=2017%2F19&hansardHeading=Government+Departments%3A+Data+Protection", "items" : [{"_about" : "http://data.parliament.uk/resources/1029557", "AnsweringBody" : [{"_value" : "Cabinet Office"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/1029557/answer", "answerText" : {"_value" : "

Cabinet Office does not hold this information centrally. It is the responsibility of each government department to manage how they receive external emails and report suspicious emails based on their security requirements. Domain-based Message Authentication Protocol (DMARC) is the system in which Departments identify external email.<\/p>

The NCSC provides guidance and support to government departments on how to implement good cyber hygiene for staff, including the reporting of suspicious emails of which Cabinet Office have no central record of these figures.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/15", "label" : {"_value" : "Biography information for Sir David Lidington"} } , "answeringMemberConstituency" : {"_value" : "Aylesbury"} , "answeringMemberPrinted" : {"_value" : "Mr David Lidington"} , "dateOfAnswer" : {"_value" : "2019-01-07", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2019-01-07T17:25:19.563Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "53"} , "answeringDeptShortName" : {"_value" : "Cabinet Office"} , "answeringDeptSortName" : {"_value" : "Cabinet Office"} , "date" : {"_value" : "2018-12-20", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "Government Departments: Data Protection"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Minister for the Cabinet Office, pursuant to the Answer of 20 December 2018 to Question 202801, for what reason no reference was made in that Answer to the number of Government Departments which use (a) a system for identifying external emails to recipients and (b) a protocol for timely staff reporting of suspicious emails.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4673", "label" : {"_value" : "Biography information for Jo Platt"} } , "tablingMemberConstituency" : {"_value" : "Leigh"} , "tablingMemberPrinted" : [{"_value" : "Jo Platt"} ], "uin" : "204633"} , {"_about" : "http://data.parliament.uk/resources/1027224", "AnsweringBody" : [{"_value" : "Cabinet Office"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/1027224/answer", "answerText" : {"_value" : "

Active Cyber Defence (ACD) is a collection of services implemented by the NCSC that aim to protect the UK from the high-volume commodity attacks that affect people\u2019s everyday lives. Mail Check is one of these services which enables an organisation to authenticate the email they send so that a receiver can determine if it is genuine or fake using Domain-based Message Authentication Protocol (DMARC). The NCSC plans to implement Mail Check for all 44 Central Government departments - in December 2018 95% were actively using Mail Check and 80% had adopted a basic DMARC policy.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/15", "label" : {"_value" : "Biography information for Sir David Lidington"} } , "answeringMemberConstituency" : {"_value" : "Aylesbury"} , "answeringMemberPrinted" : {"_value" : "Mr David Lidington"} , "dateOfAnswer" : {"_value" : "2018-12-20", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2018-12-20T15:33:07.493Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "53"} , "answeringDeptShortName" : {"_value" : "Cabinet Office"} , "answeringDeptSortName" : {"_value" : "Cabinet Office"} , "date" : {"_value" : "2018-12-17", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "Government Departments: Data Protection"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Minister for the Cabinet Office, how many Government Departments use (a) a domain message authentication reporting and conformance cybersecurity system (b) a system for identifying external emails to recipients and (c) a protocol for timely staff reporting of suspicious emails.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4673", "label" : {"_value" : "Biography information for Jo Platt"} } , "tablingMemberConstituency" : {"_value" : "Leigh"} , "tablingMemberPrinted" : [{"_value" : "Jo Platt"} ], "uin" : "202801"} , {"_about" : "http://data.parliament.uk/resources/1027225", "AnsweringBody" : [{"_value" : "Cabinet Office"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/1027225/answer", "answerText" : {"_value" : "

Government departments are responsible for ensuring adequate staffing levels to meet the organisational risk it carries. Though no single target number for cyber security specialists exist, the Government Security Profession team will support departments through the delivery of centralised strategy for the recruitment and retention of cyber skills in departments.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/15", "label" : {"_value" : "Biography information for Sir David Lidington"} } , "answeringMemberConstituency" : {"_value" : "Aylesbury"} , "answeringMemberPrinted" : {"_value" : "Mr David Lidington"} , "dateOfAnswer" : {"_value" : "2018-12-20", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2018-12-20T15:34:56.1Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "53"} , "answeringDeptShortName" : {"_value" : "Cabinet Office"} , "answeringDeptSortName" : {"_value" : "Cabinet Office"} , "date" : {"_value" : "2018-12-17", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "Government Departments: Data Protection"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Minister for the Cabinet Office, whether the Government security profession unit has a target for the number of cyber-security professionals it plans to recruit.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4673", "label" : {"_value" : "Biography information for Jo Platt"} } , "tablingMemberConstituency" : {"_value" : "Leigh"} , "tablingMemberPrinted" : [{"_value" : "Jo Platt"} ], "uin" : "202802"} , {"_about" : "http://data.parliament.uk/resources/1024009", "AnsweringBody" : [{"_value" : "Cabinet Office"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/1024009/answer", "answerText" : {"_value" : "

Neither the Technology Code of Practice nor the Cloud First Policy directly prevent government departments or services from storing cloud based data in any specific nation state. It is the responsibility of each government department to take risk-based decisions about their use of cloud providers for the storage of government data.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/15", "label" : {"_value" : "Biography information for Sir David Lidington"} } , "answeringMemberConstituency" : {"_value" : "Aylesbury"} , "answeringMemberPrinted" : {"_value" : "Mr David Lidington"} , "dateOfAnswer" : {"_value" : "2019-01-07", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2019-01-07T17:16:11.237Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "53"} , "answeringDeptShortName" : {"_value" : "Cabinet Office"} , "answeringDeptSortName" : {"_value" : "Cabinet Office"} , "date" : {"_value" : "2018-12-12", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "Government Departments: Data Protection"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Minister for the Cabinet Office, pursuant to the Answer of 27 November 2018 to Question 196203 and with reference to the Government's Technology Code of Practice principles Cloud First policy, whether it is Government policy to prevent any government department or service from storing cloud-based data hosted in any specific nation states.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4673", "label" : {"_value" : "Biography information for Jo Platt"} } , "tablingMemberConstituency" : {"_value" : "Leigh"} , "tablingMemberPrinted" : [{"_value" : "Jo Platt"} ], "uin" : "201721"} , {"_about" : "http://data.parliament.uk/resources/1015347", "AnsweringBody" : [{"_value" : "Cabinet Office"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/1015347/answer", "answerText" : {"_value" : "

In order to establish the merits of storing government data with a contracted private sector cloud company, departments should use the Technology Code of Practice <\/a>principles and follow the government Cloud First policy<\/a>. Both of these policies provide clear guidelines of the things a department should consider, recognising that there is not one single solution for all departments.<\/p>

<\/p>

It is the responsibility of each government department to take risk-based decisions about their use of cloud providers for the storage of government data up to \u201cOFFICIAL\u201d level. When considering a commercial provider, departments should take into account the cloud security principles developed by the National Cyber Security Centre (https://www.ncsc.gov.uk/guidance/implementing-cloud-security-principles<\/a>).<\/p>

<\/p>

Finally, the solution must provide the best value for the taxpayer.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/4441", "label" : {"_value" : "Biography information for Oliver Dowden"} } , "answeringMemberConstituency" : {"_value" : "Hertsmere"} , "answeringMemberPrinted" : {"_value" : "Oliver Dowden"} , "dateOfAnswer" : {"_value" : "2018-12-03", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2018-12-03T16:36:01.767Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "53"} , "answeringDeptShortName" : {"_value" : "Cabinet Office"} , "answeringDeptSortName" : {"_value" : "Cabinet Office"} , "date" : {"_value" : "2018-11-27", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "Government Departments: Data Protection"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Minister for the Cabinet Office, what factors are taken into consideration when decisions are taken on storing government data by contracted private sector cloud companies.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4673", "label" : {"_value" : "Biography information for Jo Platt"} } , "tablingMemberConstituency" : {"_value" : "Leigh"} , "tablingMemberPrinted" : [{"_value" : "Jo Platt"} ], "uin" : "196203"} , {"_about" : "http://data.parliament.uk/resources/1000229", "AnsweringBody" : [{"_value" : "Cabinet Office"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/1000229/answer", "answerText" : {"_value" : "

Cabinet Office does not require central reporting of data breaches by government departments.<\/p>

<\/p>

The minimum cyber security standard<\/a> outlines the communications required by a department when there is a security incident that impacts on sensitive information or key operational services.<\/p>

<\/p>

The Government Security Group would be involved in the response to a category one or two<\/p>

cyber security incident impacting a central government department(s), however to date an incident of this type has not occurred.<\/p>

<\/p>

The National Cyber Security Centre\u2019s Annual Report (2018)<\/a> provides the total number of incidents it has dealt with over the past year.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/15", "label" : {"_value" : "Biography information for Sir David Lidington"} } , "answeringMemberConstituency" : {"_value" : "Aylesbury"} , "answeringMemberPrinted" : {"_value" : "Mr David Lidington"} , "dateOfAnswer" : {"_value" : "2018-11-12", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2018-11-12T09:37:31.903Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "53"} , "answeringDeptShortName" : {"_value" : "Cabinet Office"} , "answeringDeptSortName" : {"_value" : "Cabinet Office"} , "date" : {"_value" : "2018-11-02", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "Government Departments: Data Protection"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Minister for the Cabinet Office, how many data breaches were reported by each Government department to the Government Security Group in each of the last four years.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4673", "label" : {"_value" : "Biography information for Jo Platt"} } , "tablingMemberConstituency" : {"_value" : "Leigh"} , "tablingMemberPrinted" : [{"_value" : "Jo Platt"} ], "uin" : "187361"} , {"_about" : "http://data.parliament.uk/resources/997215", "AnsweringBody" : [{"_value" : "Cabinet Office"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/997215/answer", "answerText" : {"_value" : "

The Cabinet Office does not require central Government Departments to report their personal data breaches and so does not hold this information centrally.<\/p>

<\/p>

In June of 2018 the Minimum Cyber Security Standards were published requiring each department to have a plan to reporting data breaches. It states that<\/p>

<\/em><\/p>

Departments shall have communication plans in the event of an incident which includes notifying (for example) the relevant supervisory body, senior accountable individuals, the Departmental press office, the National Cyber Security Centre (NCSC), Government Security Group (Cabinet Office), the Information Commissioner\u2019s Office (ICO) or law enforcement as applicable (not exhaustive).<\/em><\/p>

<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/15", "label" : {"_value" : "Biography information for Sir David Lidington"} } , "answeringMemberConstituency" : {"_value" : "Aylesbury"} , "answeringMemberPrinted" : {"_value" : "Mr David Lidington"} , "dateOfAnswer" : {"_value" : "2018-11-01", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2018-11-01T12:16:49.12Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "53"} , "answeringDeptShortName" : {"_value" : "Cabinet Office"} , "answeringDeptSortName" : {"_value" : "Cabinet Office"} , "date" : {"_value" : "2018-10-29", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "Government Departments: Data Protection"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Minister for the Cabinet Office, how many data breaches were recorded by each government department in each of the last four years.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4673", "label" : {"_value" : "Biography information for Jo Platt"} } , "tablingMemberConstituency" : {"_value" : "Leigh"} , "tablingMemberPrinted" : [{"_value" : "Jo Platt"} ], "uin" : "185107"} , {"_about" : "http://data.parliament.uk/resources/997216", "AnsweringBody" : [{"_value" : "Cabinet Office"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/997216/answer", "answerText" : {"_value" : "

The Cabinet Office does not record centrally the number of separate teams or organisations tasked with protecting information or monitoring data breaches. However, the Government Chief Security Officer (GSCO) is ensuring that each department has a Senior Security Advisor responsible for advising their boards on security risks and appropriate steps to mitigate them.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/15", "label" : {"_value" : "Biography information for Sir David Lidington"} } , "answeringMemberConstituency" : {"_value" : "Aylesbury"} , "answeringMemberPrinted" : {"_value" : "Mr David Lidington"} , "dateOfAnswer" : {"_value" : "2018-11-01", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2018-11-01T15:38:42.98Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "53"} , "answeringDeptShortName" : {"_value" : "Cabinet Office"} , "answeringDeptSortName" : {"_value" : "Cabinet Office"} , "date" : {"_value" : "2018-10-29", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "Government Departments: Data Protection"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Minister for the Cabinet Office, what recent estimate he has made of the number of separate teams or organisations throughout government tasked with protecting information or monitoring data breaches.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4673", "label" : {"_value" : "Biography information for Jo Platt"} } , "tablingMemberConstituency" : {"_value" : "Leigh"} , "tablingMemberPrinted" : [{"_value" : "Jo Platt"} ], "uin" : "185108"} ], "itemsPerPage" : 10, "page" : 0, "startIndex" : 1, "totalResults" : 8, "type" : ["http://purl.org/linked-data/api/vocab#ListEndpoint", "http://purl.org/linked-data/api/vocab#Page"]} }