Previous Section Index Home Page

The Secretary of State has told us that the agency in question was informed in May. Why has she come to the House only now to tell us what has happened? What has been happening in the interim few months to safeguard this data and do something about the problem? What grade of staff were responsible for the breach of the rules announced today? What requirements do the Secretary of State’s Department and its agencies require
17 Dec 2007 : Column 627
of their contractors for the storage and copying of data on discs by those contractors? What is the structure of responsibility under her Department’s data controller to make sure that, right across her Department, its agencies and their contractors, confidentiality rules are complied with? What steps have her Department and its agencies taken to ensure that their contractors make sure that all those with access to data are properly trained and sufficiently senior to understand the importance of complying with these critically important rules?

Have the police been informed of the incident? Are any disciplinary measures being taken as a result of the incident? Will any sanctions be imposed under the Data Protection Act? Were appropriate rules obeyed for exporting data outside the UK, as the data went missing in Iowa? Who gets the bill for any losses arising from misuse of lost data—the taxpayer, or the victim of identity theft? Does the Secretary of State agree that this incident—as well as the HMRC disaster—is another blow to her plans for an untested “spy in the sky” national road-pricing scheme? How can the public possibly trust her Department with information on every journey made by every one of the 33 million vehicles on Britain’s roads if it cannot be trusted with the data that it already has?

As far back as February 2006, the Government admitted that they had a problem with data handling by their agencies. The then Minister for Transport announced a review aimed at producing a system that would protect the public from misuse of their information. He emphasised the following:

In the review announced, the Information Commissioner expressed his serious concern about the importance of ensuring that the information overseen by the Department for Transport was protected and properly treated, yet in the past two weeks we have learned that the DVLA sent the personal details, including motoring convictions, of anything up to 1,215 drivers to the wrong people, that it lost data for 7,600 Northern Ireland vehicles and drivers in the post, and that the unencrypted discs were actually posted on 20 and 21 November—after the news of the HMRC disaster was made public.

Taken together with the catastrophe at HMRC, this is further evidence of systemic failure in the Government’s handling of private data, and evidence of a basic lack of competence by this Government. Quite simply, the Government are failing in their duty to obey their own laws on data protection, and failing in their primary and fundamental duty to protect the interests of the people whom they were elected to serve.

Ruth Kelly: I was about to congratulate the hon. Lady on the way in which she has treated this matter, and while it is of course serious, we should look at the facts in this case and communicate them, as appropriate, to the public. I think that she acknowledged that in her opening remarks.

It is of course right that there is good practice in government, and that agencies, chief executives of those agencies and the Department for Transport have a duty to follow that good practice, and to make sure that any transfer of data complies with those standards, as indeed
17 Dec 2007 : Column 628
should the transfer of data outsourced to contractors as in this case, contractors, including, in a country other than the United Kingdom. In this specific case, the external contractor, Pearson, was under an obligation to follow the principles laid down in the Data Protection Act. There is a “safe harbour” relationship with the United States where that may be appropriate, and these data were outsourced in that spirit.

The hon. Lady asked whether any vehicle details were involved, and I can confirm that they were not. She asked how many people were involved. I said in my statement that just over 3 million individuals were involved. She suggested that the data were somehow sent by post—they were not. As I set out in my statement, a hard disc drive was not found in the secure location of the external contractor in Iowa City where the contractor had expected to find it—on the shelf. It has assured us that it was formatted specifically to Pearson’s specific standards in a form that could not readily be accessible to a third party, and that it was not labelled in such a way as to draw overt attention to its contents. I have asked that Pearson notify the police. It tells me that it did not do so originally because it did not believe that a crime had been committed. However, I think it only sensible that the police be informed in this sort of situation.

The matter was first brought to my attention on 28 November. On 3 December, I sought comprehensive advice from the Information Commissioner as we were in the process of establishing the full facts of the case. On Friday afternoon, the Information Commissioner gave us the benefit of his advice, which was that he did not think in this case that the risks to the public were substantial, or that any of the individuals concerned needed to be notified directly. However, it was also said that it was appropriate to make available an advice line and use of a website that people could access. Issues to do with the Pearson contract are, of course, being reviewed by my Department, and if any appropriate action is required, it will be taken.

The right thing to do in such situations is to look at the facts in perspective. We should consider the risk to the public and whether appropriate measures have been taken by Ministers, when they are involved, to ensure that such a situation does not happen again. The Information Commissioner’s initial view is, first, that the risk to the public is not substantial, and secondly, that appropriate security measures have been taken. I intend to ensure that the agencies and the Department learn the lessons, and I have identified key actions to be taken that I think will further protect the public in the months to come.

Mrs. Gwyneth Dunwoody (Crewe and Nantwich) (Lab): How many systems in the agencies are not capable of communicating with the Department’s own system because they are different? How many of those are being pushed into the shared services system, which is obviously taking some years to bring into operation and does not seem to be working? Finally, given that my right hon. Friend is directly responsible for providing a secure driving agency that is capable of transmitting documents safely from one area to another, why is she not suggesting, not only to her Department but to other Whitehall Departments, that they use their own services, which they know work, rather than hand services over to incompetent people whose services they do not think will work?


17 Dec 2007 : Column 629

Ruth Kelly: I thank my hon. Friend for her comments, and I know how interested she is in the issue of shared services. The particular incident to which I referred in my statement is somewhat different; it concerns how data are backed up by the Driving Standards Agency’s external contractors and the procedures that are followed to ensure that those data are properly protected. As I have said, Pearson has been asked to notify the police. The Driving Standards Agency has already instituted a data protection audit of Pearson and is monitoring the contract in that light. These specific data were not readily accessible to third parties. However, she is right that there are lessons to be learned, not just by my Department and its agencies, but across Government. As part of the Cabinet Secretary’s review, I am of course making recommendations drawn from the lessons of this experience and learning from other Departments about the sorts of measures that we ought to have in place.

Susan Kramer (Richmond Park) (LD): I thank the Secretary of State for giving me half an hour’s advance sight of her statement.

The DVLA has form on mishandling data. In June 2006, it was caught selling data to private companies without adequate scrutiny, and in December this year, not only were confidential details sent to the wrong car owners as part of a survey, but the addresses, names and car particulars of nearly 8,000 owners from Northern Ireland were lost in the post on two uncoded discs.

We now hear the mind-bending news that the records of 3 million candidates for the driving test are missing on a hard drive from what is interestingly called a “secure facility” belonging to a company in Iowa. If that happened last May, why was the Secretary of State—never mind this House—not informed? Is it not outrageous that the victims have not been informed? I challenge the idea that this is not substantial—an e-mail address was included among the information. One can only imagine the e-mails to people saying, “Excuse me, but your payment for your driving test did not clear, so could you please resend the details?” Will the Secretary of State confirm that the information was sufficient for fraudsters to use to create false identities? Does she know, or has anyone checked, whether any of the data have been used fraudulently? What information has been passed to the people involved so that they can put in place some kind of protection?

The Secretary of State said that the information was outsourced in the spirit that it should be taken care of, but surely much more than that is involved. The message is clear: the culture must change. She has been saying that electronic data transfer will provide adequate protection, but even the Pentagon has been hacked into, so surely that would just change the method by which data are either lost or stolen. Does she not agree that the Government should be minimising data holding and that rapid destruction of data should become part of their culture?

While she is at it, will the Secretary of State be kind enough to tell me when she will answer the questions on data handling that I asked her Department on 27 November? Perhaps those questions were the reason why she got the information about Pearson on 28 November. Because I have received no answer, I would be interested to know what other information has gone missing that would be exposed by those questions.


17 Dec 2007 : Column 630

The magnitude of the loss that the Secretary of State announced will not be obscured by the measures that she mentioned, worthy though they might be, or those that the Chancellor announced a few moments ago. If my bank behaved like this, I would change it. Is not that an important message for the Government?

Ruth Kelly: I draw the hon. Lady’s attention, yet again, to the facts of the case. She talked about her bank, but there were no bank details involved in this instance. The data lost were the names of individuals, their addresses, their telephone numbers and, where provided, their e-mail addresses. I take every instance of data loss seriously, which is why I asked the Information Commissioner to review the entirety of this case, how it had been handled, what security measures had been put in place and to assess the risk to the public. He made it clear that he did not think that the facts as he knew them meant that the loss represented a substantial risk to a significant number of people. I apologise to those who have concerns as a result of the loss, which is why I thought it also appropriate that the Driving Standards Agency develop an advice line, to which people can turn if they are worried about the data loss, and to ensure that direct.gov.uk, the website, had information for those people.

The important point is whether we have put the matter right and whether we are learning the right lessons for handling data both in the Department for Transport and its agencies, and across Government, so that we can share information appropriately and ensure that it is adequately protected. The hon. Lady suggests that we should minimise the handling of personal information and not have large databases of personal information, but if people are asked whether they want to sort out their MOT or their tax affairs online, they will probably say that they do. Data handling is becoming more complex by the year, and indeed by the month. The important point is achieving the correct balance between the need for personal privacy and the desire and expectation on the part of the public that we provide a top-quality service.

The hon. Lady also mentioned specific cases that have come to attention in the last couple of weeks. It is true that there was an incident concerning the DVLA and the details of just over 1,000 individuals, which was due to a manual error. Procedures have been put in place that will minimise the risk of that occurring again. It is also the case that the Northern Ireland Driver and Vehicle Agency sent information by post that was subsequently mislaid by Parcelforce. I have asked my officials to examine whether plans to merge the two databases in Northern Ireland and Swansea could be accelerated in the light of the recent incident. The important point is that Ministers and the Government learn the lessons and ensure that people are appropriately protected in future.

Mrs. Siân C. James (Swansea, East) (Lab): The DVLA is in my constituency and it is, in effect, a large paper factory, with more than 100 million pieces of mail going out every year and 1 million pieces of mail coming in every week. It holds the records for 80 million people. I welcome what the Secretary of State has said about improving electronic transfer, but I urge her to ensure that adequate funding and training are also included, because without it we cannot take the staff and the agency forward into the 21st century.


17 Dec 2007 : Column 631

Ruth Kelly: I thank my hon. Friend for her comments. One of the lessons that will become apparent as a result of the Cabinet Secretary’s review of data handling across Government is that it is appropriate not just to have good guidance but to make sure that staff are appropriately trained to deal with data in a sensitive way. Compliance with arrangements, as well as dissemination of those arrangements, is of course a top priority.

Sir George Young (North-West Hampshire) (Con): What financial penalty will be visited upon Pearson for this breach of confidentiality?

Ruth Kelly: One of the issues that my officials are examining is whether there has been a breach of contract by Pearson and, if so, whether any financial penalties would be appropriate. That examination is continuing.

Dr. Stephen Ladyman (South Thanet) (Lab): As my right hon. Friend said, the Department for Transport and its agencies handle huge amounts of data—hundreds of millions of transactions every year. Do not these particular breaches stand out because they are so unusual and because everybody involved—civil servant and private contractor—has acted with commendable openness and frankness? In a world in which human beings are involved and mistakes are bound to happen, is it not true that the only thing that really protects us is when people are open and frank about those mistakes? The people involved should actually be congratulated on coming forward, because if Pearson had chosen not to tell anyone about this, we would not know about it even today.

Ruth Kelly: I congratulate my hon. Friend; I know he takes an interest in these matters. It is important that private sector contractors who deal with any agency of the Department for Transport or any part of Government feel that it is in their best interests to come forward, that the matter will be dealt with appropriately, that lessons are learned and that measures are put in place to minimise the risk of the problem happening again.

Mr. Gregory Campbell (East Londonderry) (DUP): In both the Iowa and the Northern Ireland case, what assurance can the Secretary of State give that there was not sufficient data on the discs that went missing to allow fraudsters to compile a useful database which they could use to cold-call many thousands of people for scams such as car insurance and the like?

Ruth Kelly: I can only reiterate the facts of what went missing on the hard disc drive in Iowa City. The hard disc drive did not contain the details of any individual’s bank account or credit card, nor their driving licence number or national insurance number; it did not contain their date of birth or their signature. All such information would be relevant to creating fraudulent identities. Specifically, the financial data were backed up separately from the personal data, and the Information Commissioner looked at that. He has concluded that there was not substantial loss to a significant number of individuals, and that is an important and relevant conclusion.

The Information Commissioner has also asked about the Northern Ireland case. The case of the Driver and Vehicle Agency in Northern Ireland is slightly different.
17 Dec 2007 : Column 632
It involved the details of 7,685 vehicles registered in Northern Ireland and the data consisted of the registered keeper’s name and address and vehicle data details, such as the registration mark, chassis number, make, model and colour. However, there were no financial details on the discs and the Driver and Vehicle Agency has written to all the individuals affected and established an advice line. It has flagged the computer records of all those involved, to alert staff in the event of any attempt to misuse the data.

Mr. Philip Hollobone (Kettering) (Con): Learner drivers in Kettering will be amazed to find that some of their personal details will have been on a hard disc drive in Iowa. How many other agencies engaged by the right hon. Lady’s Department hold supposedly secure and personal information on hard disc drives in other countries?

Ruth Kelly: As far as I am aware, this is the only instance of bulk details of personal data being held abroad. It is also the case that all individuals are now notified that their data will be processed abroad.

Mr. Mike Weir (Angus) (SNP): Given that the lapse was on the part of a private contractor, Pearson, given that the Secretary of State’s Department allows data out to other private contractors—most notably those who run private car parks who want to identify and pursue people who have parked for too long at, say, a supermarket—and given the many problems now being experienced with Government data, is it not time to review the whole process of allowing Government data outside a Department so that we keep Government data within government and do not use it for outside financial reasons?

Ruth Kelly: The hon. Gentleman makes an interesting point. Certainly, where we can take measures to minimise the risk of data loss—such as accelerating the electronic transfer of data, or merging databases where possible, and making sure that secure couriers are used for point-to-point transfer of bulk data—we should do so. However, in the light of these events, we should also think in each and every case whether it is appropriate to send data to a third party; or process data on behalf of a third—which may be a more appropriate response to the handling of individual data.

Mr. Oliver Heald (North-East Hertfordshire) (Con): Is it not a contractual term in all the Department’s dealings with contractors to keep personal data secure, and if it is not, why on earth not?

Ruth Kelly: Of course it is. It is not clear that the Data Protection Act has been breached in this case, given that the Act is based on eight principles, the seventh of which refers to appropriate safeguards being in place to secure the adequacy of security relating to individuals. In this case, it is clear that there were measures in place, even though they were not effective in this particular instance. We want to learn the lessons from that and to minimise any further risk of loss of data.

Mr. Charles Walker (Broxbourne) (Con): I thank the Secretary of State for making her “clear the decks before Christmas” statement. The real scandal is that any person setting up a dubious parking scheme can
17 Dec 2007 : Column 633
access the private details of vehicle owners from the Driver and Vehicle Licensing Agency. Will the Minister tell us what protocols are in place to ensure that organisations are fit and proper, and in a legitimate position to access the details of private car owners, who have often been caught unawares in illegal private car parking schemes?

Ruth Kelly: The hon. Gentleman is absolutely right to say that there have to be secure standards for relationships with third parties that use Government information. On the other hand, the standard of service that individuals want and expect from Government is such that data sharing is an inevitable part of modern life. People expect us to be able to share data appropriately while maintaining safeguards that will secure the use of their data. Of course, third parties need to follow the Data Protection Act. They also need to follow minimum security standards, as set out in the Government handbook. As a result of the audit that I am carrying out, and that the Cabinet Secretary is carrying out across Government, we will be looking at how data are used right across the Department and its agencies to make sure that the balance is appropriate.

Anne Main (St. Albans) (Con): Given that the loss was discovered only when someone could not locate the hard disc drive on some dusty shelf, will there be an audit of what hard disc drives are being stored, whether they are all where they ought to be, and whether the Secretary of State is happy with the security where they are stored?


Next Section Index Home Page