Previous Section Index Home Page

The Chancellor told us today that he would make a statement on some of those matters next week. May I ask him whether the necessary changes to protect depositors’
21 Jan 2008 : Column 1221
savings—the changes to the tripartite arrangement, with new powers for the FSA and clear rules for liquidity—will be in place before an acquisition or a nationalisation? It would be perverse if £50 billion of taxpayers’ money continued to be used to guarantee liabilities in one form or another, and the changes that the Government wish to see were not in place before a takeover or nationalisation.

Mr. Darling: The proposals that I will publish next week will require primary legislation. As the hon. Gentleman will know, that will inevitably take a few months, but I told the Treasury Committee that I wanted the legislation to be on the statute book before the end of the current parliamentary Session. I do not want to hold up any solution in relation to Northern Rock until all that is done. If the proposals I have outlined today bore fruit, the money lent by the Bank of England would be repaid in full; but I think we should proceed on the basis that we will get the legislation on the statute book during this Session if we can, and I hope that we will have all-party support for that.

Rob Marris (Wolverhampton, South-West) (Lab): The shadow Chancellor has accused my right hon. Friend the Chancellor of dithering. Let me tell my right hon. Friend that I welcome the calm and considered way in which he has gone about his decision making, in stark contrast to the flip-flopping, contradictory, incompetent positions adopted by the Conservatives. Can he give an indication of the disruption that would be experienced by home owners with Northern Rock mortgages if Northern Rock went into administration, as was advocated by the shadow Chancellor as recently as last week?

Mr. Darling: It is for the Conservatives to justify their policies. I just do not think that it is a very good idea.

Mr. Peter Lilley (Hitchin and Harpenden) (Con): The Chancellor repeatedly reassured the House that Northern Rock has a good quality loan book. I have no doubt that most of its old loans are well secured, but is it entirely credible that a company that increased its loan book by 50 per cent. at the top of the market in the year before banks stopped lending to it, did so without hoovering up some sub-prime mortgages as well as prime mortgages? Given that bad mortgages cannot be secured against good mortgages, does the Chancellor accept that he is accepting, on behalf of the taxpayer, the risk of all the bad mortgages in that loan book?

Mr. Darling: I was reporting what the FSA said about the Northern Rock mortgage book. It has said it on a number of occasions, and I believe it to be an accurate representation of the position.

Mr. Dennis Skinner (Bolsover) (Lab): Is the Chancellor aware that, along with many others, I am pleased that he has not ruled out public ownership? Way back when Ted Heath was the Prime Minister, the Tories had a cunning plan: they decided to take over Rolls-Royce. It turned out to be the wise thing to do, and we supported him in the Lobby—in fact, we ran in there. Then, in 1975, the Labour Government had to intervene to save
21 Jan 2008 : Column 1222
Burmah Oil. Some of us would much rather see public ownership than the handing over of large sums of money to Mr. Goody Two-Shoes Branson, because we might not get it back.

Mr. Darling: My hon. Friend’s position does not entirely surprise me. I was in school when Rolls-Royce was nationalised in, I think, 1971. I have set out my position. A limited period of public ownership must remain on the table, but what I am proposing could, if we can get the right terms and conditions, prove a better deal in the long term.

Peter Viggers (Gosport) (Con): To what extent will other banks be able to take advantage of the terms offered to Northern Rock?

Mr. Darling: As I have made clear, there are two bidders, and the board itself has also expressed an interest in the future of Northern Rock. As I have also said, the Government are happy to talk to anybody else who might express an interest.

Ms Sally Keeble (Northampton, North) (Lab): I very much welcome the approach that my right hon. Friend has set out, which has both protected people’s savings and jobs and prevented the contagion spreading from Northern Rock to other banks, which was a genuine risk last autumn. When my right hon. Friend comes forward with proposals for tighter supervision and regulation, will he also look at the rating agencies, which have a major role in assessing the risks posed to different investors?

Mr. Darling: Yes. The Financial Stability Forum is looking at rating agencies. I discussed a range of matters with my French, German and Italian counterparts when we met in Paris last week; one of them was what further changes might be made to credit rating agencies. I have always regarded them as an aid to decision making. When a bank or any other financial institution makes a decision as to whether to lend, it should certainly take a credit rating agency’s advice into account, but it should also exercise its own judgment and not rely totally on what the credit rating agency says. There are other issues in relation to possible conflicts of interest which also need to be looked at.

Sammy Wilson (East Antrim) (DUP): We have just come through one of the tightest comprehensive spending reviews since this Government came to office. One of the reasons for that is the current strain on public finances. Will the borrowing rules be relaxed to allow borrowing above planned borrowing for next year in order to finance this deal, or will there be a reduction in planned borrowing for infrastructure projects—and if so, which Departments does the Chancellor intend to delve into in order to finance this?

Mr. Darling: No. The additional money would need to be raised by investors in Northern Rock. As I have explained, the Government are providing a backstop guarantee. Nothing I have said today would affect the plans I set out last October.

Mr. Henry Bellingham (North-West Norfolk) (Con): Further to the question of my right hon. Friend the Member for Hitchin and Harpenden (Mr. Lilley), when did the FSA assessment of the loan book take place?

21 Jan 2008 : Column 1223

Mr. Darling: We have been carrying out assessments ever since the difficulties with Northern Rock first arose.

James Brokenshire (Hornchurch) (Con): The Chancellor emphasised in his statement the importance of taxpayers being able to share in the upside returns. Will he confirm that that would require the Government to take a shareholding in Northern Rock, and if so will he say what his minimum requirements would be in relation to such equity participation?

Mr. Darling: It would not require it, but one of the things that we will need to discuss over the next few weeks is what mechanisms would best ensure that if the company were sold and there were an upside return, the taxpayer could benefit to reflect the fact that we are providing backstop guarantees.

Anne Main (St. Albans) (Con): Given that the management structure has been criticised in connection with the running of Northern Rock, what role will the Government have in the management structure to ensure that we secure the best deal for the taxpayer?

Mr. Darling: As I have said on a number of occasions, the management of a company is a matter for its shareholders—its owners. The Government have never been in a position to say to a privately run company that so-and-so should be a director or manager and so-and-so should not. But I am clear about the fact that whatever changes occur, part of the restructuring will involve ensuring that we put in place a strong management who know what they are doing.

Mr. Graham Brady (Altrincham and Sale, West) (Con): The Chancellor said that the Bank of England’s lending will be repaid in full, but at what point does he propose to authorise it to publish full details of that lending?

Mr. Darling: Again, I have said on a number of occasions that I will consider that when it is appropriate to do so. What I want to avoid is providing a running commentary on Bank of England support. I look forward
21 Jan 2008 : Column 1224
to hearing what the Treasury Committee has to say, but I think that some sympathy exists for that approach. If we are successfully to allow for Bank of England intervention, we need to be able to act in a way that does not immediately draw attention to a bank and cause the very difficulties that we are trying to avoid.

Michael Fabricant (Lichfield) (Con): Given the unique and privileged access Richard Branson enjoyed to his travelling companion, the Prime Minister, will the Chancellor tell the House precisely what discussions have taken place between them regarding the Virgin bid?

Mr. Darling: I think I am right in saying that some 50 business men and women accompanied the Prime Minister on his visit to China and India. The discussions with the Virgin group, Olivant and the board started today, once the statement had been issued to the stock exchange. Of course we had to tell the board on Friday night what we were proposing, because of its obligations to the market. The discussions with the two bidders could not start until after that.

Mr. David Jones (Clwyd, West) (Con): Does the Chancellor agree with the assessment of the BBC’s business editor that the arrangements that he has announced this afternoon amount to a public “subsidy” of £1 billion for Northern Rock? If not, what figure would he put upon it?

Mr. Darling: As I have explained on a number of occasions this afternoon, the discussions that will now follow from my publication of proposals will determine to what extent, at what rate and how much the Government will provide backstop finance. Once those discussions have concluded, I will be able to report to the House.

Mr. Peter Bone (Wellingborough) (Con): Can the Chancellor confirm that under no circumstances will Northern Rock be allowed to go into administration?

Mr. Darling: I think that the hon. Gentleman’s question might be better directed at his own Front-Bench team.

21 Jan 2008 : Column 1225

MOD (Data Loss)

4.28 pm

The Secretary of State for Defence (Des Browne): Mr. Speaker, with your permission, I should like to inform the House about the theft of laptop computers from Ministry of Defence vehicles and premises. The MOD has clear policies, systems and procedures in place to protect the security of information, both personal data and classified information. We have software protection through encryption and a formal information security process through which individual IT systems and the databases they contain must be accredited by the appropriate MOD authorities. Our internal investigations following this theft reveal that those procedures were not followed. That was a breach of MOD security regulations.

As police investigations of the theft are at an active stage, I am limited in what I can say about the incident. It occurred on the night of Wednesday 9 January in Edgbaston, Birmingham. The laptop was left in a car that had been parked overnight and was unattended. That was a breach of security regulations. The stolen laptop contains personal information on about 600,000 people, the majority of whom had simply expressed an interest in joining the Royal Navy, the Royal Marines or the Royal Air Force.

We have no reason to believe that the theft was specifically targeted against the officer, or to acquire the laptop for the data held on it, but we cannot wholly discount that. Early in the morning after the laptop was left in the unattended car, as soon as the theft was discovered, it was reported to the local police and the relevant authorities in the MOD.

It is not clear to me why recruiting officers routinely carry with them information on such a large number of people—or, indeed, why the database retains such information at all. The information held is not the same for every individual. In some cases the record may be no more than a name, but I am advised that for about 153,000 people who progressed as far as submitting an application form to join the forces, more extensive personal data are held, including passport details, national insurance numbers, driver’s licence details, family details, doctors’ addresses and national health service numbers; for about 3,700 people, banking details were also included. The records largely date back to 2003, although some records may date back as far as 1997.

Ministers were informed of the loss of the laptop on Friday 11 January, although at that point it was believed that the data were fully encrypted. That is relevant because the level of encryption used by the Ministry of Defence on its computers is stronger than that used for commercial applications, and our IT authorities judge that a significant amount of time, resources and, in particular, expertise would be needed to access such data in a readable format.

The fact that the data were not encrypted was reported to Ministers on Monday 14 January. Subsequently, the Information Commissioner and the police authorities were informed, and as an immediate precaution all similar laptops were recalled from their users and secured. That was completed by 18 January. The theft is being investigated by the West Midlands police, assisted by
21 Jan 2008 : Column 1226
the Ministry of Defence police. After consultation with the police about the impact on the investigation were the theft to become public knowledge, I decided not to make a statement to Parliament last Thursday—although I was ready to do so. Unfortunately, news of the theft of the laptop was reported in the media on Friday evening and the MOD was obliged to issue a brief statement setting out the facts of the incident, as they were being reported inaccurately.

I discussed the need to issue a brief statement on Friday with Mr. Speaker and the hon. Members for Woodspring (Dr. Fox) and for North Devon (Nick Harvey). I also attempted to speak to the right hon. Member for North-East Hampshire (Mr. Arbuthnot) and my hon. Friend the Member for Cannock Chase (Dr. Wright), without success, although I have spoken to them both today. However, steps were taken to keep the Information Commissioner fully informed and to alert the Association for Payment Clearing Services so that banks could monitor the bank accounts listed in the database to prevent unauthorised access.

The intelligence services were also informed, and asked to assess whether the incident could lead to an increased threat to our personnel. Their view, understandably, was that the risk would depend on whether the information fell into the hands of extremists, but that there was no indication that had happened. Of course, we are keeping the matter under constant review.

Letters have been sent to all 3,700 people whose bank details were included in the database, and are being sent to the 153,000 people who applied to join the Royal Navy, the Royal Marines or the Royal Air Force during the relevant periods. We have set up a free telephone helpline, an e-mail address and an address for correspondence for use by anyone who is concerned about the implications of the data loss and wishes to seek further information.

As soon as the theft was reported, the Royal Navy began an internal investigation into the incident itself, which has now been completed. Steps are being taken by the Navy to prevent a recurrence, and the chain of command is considering appropriate action against the officer concerned.

An internal investigation is also under way by the MOD’s head of security into the wider security issues raised by the loss of the data. In the time available, the investigation has established that in addition to the laptop stolen on 9 January, two further laptops potentially containing similar data have been stolen. A Royal Navy laptop similar to that stolen on 9 January was stolen from a car in Manchester in October 2006, and an Army recruiting laptop, containing details of about 500 individuals, was stolen from a careers office in Edinburgh in December 2005.

These incidents were reported at the time to the local police and to the chain of command, although neither theft was reported to Ministers. Those involved believed that the data were protected by encryption and so no steps were taken to inform those whose records were potentially at risk. That is now being done in the same manner as I have described for those affected by the most recent loss. Nor was the Information Commissioner informed, but that has now been done. There is nothing to suggest that the earlier thefts have been exploited for criminal purposes or any other purpose in the intervening period.

21 Jan 2008 : Column 1227

As I said, our internal investigation has identified weaknesses in the application of MOD security procedures to the database, which is managed by the Army recruiting and training division on behalf of all three services.

In the time available, it has not been possible to establish all the facts, but it is clear that the database files were unencrypted, in breach of MoD procedures, and that there were shortcomings in security training and awareness among the relevant staff. Further, although the MOD was a full participant in the Cabinet Office-led review following the loss of data by Her Majesty’s Revenue and Customs, the thefts and the failure to comply with agreed MOD procedures for the system were not highlighted by those responsible for the system during the first phase of that review.

Accordingly, following consultation with the Information Commissioner, I have invited Sir Edmund Burton to undertake a full investigation into how these weaknesses came about, including responsibility for any breach of security and accreditation procedures, and to review the steps that we have taken to prevent any recurrence. Sir Edmund is chairman of the Information Assurance Advisory Council and supports the Cabinet Office in the implementation of the Government’s information assurance strategy. He is also a former chairman of the Police Information Technology Organisation and former commandant of the Royal Military College of Science.

Sir Edmund will work closely with those in the Cabinet Office who have been reviewing procedures across Government, following the HMRC loss of data. His report will enable us to answer the questions that still need to be answered. The Information Commissioner has confirmed in particular that the review will be wide enough to address the questions that he has raised, including why a database of this size was thought necessary for field recruitment staff. It will also enable the chain of command to identify where responsibility lies and whether anyone needs to face action as a result. Sir Edmund’s full report will be made available to the Information Commissioner.

I take this theft of personal data extremely seriously. I am also keenly aware of the risks if the data had fallen into the wrong hands, although I emphasise that there is no evidence that they have done so. As with all parts of Government, those who have dealings with the armed forces have a right to expect that their data will be properly protected. I very much regret that that has not happened. I am determined that we should identify exactly what went wrong and learn lessons. This must never happen again, and I will keep the House informed of the outcome of the various investigations to which I have referred.

Dr. Liam Fox (Woodspring) (Con): I am grateful to the Secretary of State and his permanent secretary for providing me with information in relation to the incident. I am afraid that it all adds up to a damning picture of MOD incompetence, mismanagement and poor practice. In many ways, it is worse than the loss of the child benefit records, because we know that the information fell into criminal hands as it was stolen by a criminal. As the Secretary of State says, it could be used for identity theft or, worse, for terrorism.

Next Section Index Home Page