I propose to take Questions Nos. 508 and 511 together.
I do not have statutory responsibility to impose any particular measures across the public service in relation to the data stored on laptops, blackberries and other portable devices. In relation to my own Department, it employs layered network defences including intrusion detection systems, multiple firewalls, web content filtering, anti-virus, anti-spyware and anti-spam devices to block dangerous traffic and protect all information on the computer network. Blackberry devices are by default encrypted devices, with access protected by a password, and my Department has the capability to remotely wipe any devices that are reported missing. The low level of personal data held and processed within my Department informed a decision that there was no need to automatically encrypt all laptops used, as it was considered that the level of risk of losing personal data was very slight. My Department carries out a full independent audit of all computer systems each year and one is scheduled to be carried out before the end of the year. Any recommendations that are made to further secure the computers and data held by my Department will be implemented.