Data Protection.

I am informed by my Department's IT security team that we have a suite of security policies which include the security of portable electronic data devices. The appropriate elements of these policies are published internally for Departmental personnel use and they are not openly available to the public. Since October 2007, all data replicated from my Department's network to laptops is automatically encrypted. A system of whole disk encryption is not deemed necessary at this juncture. Data security measures are regularly reviewed in my Department in the light of changing circumstances. A review is currently underway and its findings are expected to be implemented by early 2009. This review will include, but not be limited to, the security policy for portable electronic data devices.

There have been eight instances of laptop computers, data storage devices and memory sticks that have been reported lost, missing or stolen from my Department to date in 2008. These instances included five laptops and three Blackberries. Of these, four laptops and one Blackberry were subsequently recovered. I have been assured by my officials that each incident has been investigated and that there is no evidence that any private or sensitive data was compromised as a result of these incidents.

All Departmental laptops are issued to staff with password protection enabled. Since October 2007, all data replicated from my Department's network to laptops is automatically encrypted. Mechanisms are in place to remotely immobilise and wipe any information on any portable data devices lost, missing or stolen from my Department. My Department ensures that data security measures are regularly reviewed in the light of changing circumstances and that any appropriate measures identified are implemented in order to prevent risk to data.