Francis Maude is now Shadow Minister for the Cabinet Office and Shadow Chancellor of the Duchy of Lancaster. (I’m sure he’s confident enough not to ask people to call him "Shadow Chancellor" for short!) Yesterday he raised the extremely important issue of data security.
"Mr. Francis Maude (Horsham) (Con): The Cabinet Secretary’s report on data handling and security, which was published back in June, admitted that urgent action was needed to improve data security across the Government. Three years earlier, back in 2005, the Walport report, which came from the Government’s own council on science and technology, had already recommended a series of changes to Whitehall practice in order to protect people’s personal data. Why did the Government not even bother to respond to the report, let alone introduce any of its recommendations for action that were proposed three years ago?
Mr. Watson: The right hon. Gentleman and I have rehearsed this argument over a number of months. The Government have put in place a series of strong measures to tighten down on data loss, which I think compares very favourably to the private sector. We do penetration testing from user-friendly hackers; we restrict access to removable electronic devices; and encryption is now the norm. I say again that, compared to the private sector, where a third of companies do not even know when data loss has happened and 60 per cent. refuse to tell their customers when there has been one, we are leading the way in the public sector. I know that one of the right hon. Gentleman’s second jobs is as a banker—and banks are notorious for not revealing data losses—so I hope that he is not trying to set one rule for the public sector in his day job and another rule for the private sector in his secondary-income job.
Mr. Maude: I remind the Minister that his responsibility is for data security across government. He will know that one of the recommendations—or, rather, requirements—of Sir Gus O’Donnell’s report was for all Departments to introduce privacy impact assessments so that threats to data security could be considered properly. Why, then, has the Home Office refused to provide such an impact assessment for the identity cards project, why has the Department of Health refused to draft one for the NHS Spine project, and why has the Department for Children, Schools and Families refused to provide one for the ContactPoint children’s database? How can we trust the Government to protect the privacy of law-abiding citizens when they systematically ignore their own requirements?
Mr. Watson: We have achieved a staggering amount of progress in making data safe in government. We are changing day by day, and thousands of people have been involved in the training project. I ask the right hon. Gentleman to take advice from his hon. Friend the Member for Ruislip-Northwood (Mr. Hurd), who has a secondary job as a consultant for a corporate social responsibility firm that trades under the maxim “Public reporting has become fundamental to a company’s trustworthiness”—
The Government’s spectacularly poor record on this matter is a cause of huge concern, and also further undermines the case for ID cards. Perhaps the minister would have been well-advised not to make cracks about Tory MPs having second jobs when Labour have taken their collective eye off the ball so wantonly – especially now that he has direct responsibility.