Coroners and Justice Bill

In addition to new clause 19, which stands in my names and those of my hon. and learned Friends the Members for Beaconsfield (Mr. Grieve) and for Harborough (Mr. Garnier) and my hon. Friends the Members for Enfield, Southgate (Mr. Burrowes), for Epping Forest (Mrs. Laing) and for Crewe and Nantwich (Mr. Timpson), I plan to discuss our amendments 78 to 88. I also want to comment on Government amendment 25. Our new clause 19 would remove the immunity of Government Departments from prosecution, because the Government's record on handling, storing and transporting confidential data is appalling. I am afraid that the Ministry of Justice is one of the worst offenders. A computer hard drive containing the details of up to 5,000 employees of the National Offender Management Service in England and Wales was lost by the private firm, EDS. Despite the loss having occurred in July 2007, the Justice Secretary was not told until September 2008. In August last year, the names and addresses, details of convictions and even jail release dates of almost 130,000 people were lost when a computer memory stick went missing. It was being used by an employee of a private contractor working for the MOJ. The Information Commissioner said at the time that the data were a "toxic liability", and described the loss as "deeply worrying". The Ministry of Defence is another serial offender. Some time ago, the Defence Secretary of the time was forced to revise upwards the estimate of the number of laptops stolen from his Department in the previous four years from 347 to 658. Furthermore, in January last year, the then Defence Secretary revealed that an MOD laptop, which contained the details of 600,000 people, had been stolen from the boot of a naval officer's car in Birmingham. The computer contained unencrypted lists of names, addresses, bank and driving licence details, national insurance and national health service numbers and so on—an appalling security lapse. In 2007, Her Majesty's Revenue and Customs had the so-called discgate scandal, in which 25 million records were lost. In November that year, the Chancellor of the Exchequer admitted that two CDs containing child benefit data had been lost in transit to the National Audit Office. Also in November that year, HMRC lost the personal details of 15,000 Standard Life pension holders, after a CD was lost in transit by an external courier. Many other Departments have lost data, including the Department of Health, the Department for Work and Pensions and the Department for Communities and Local Government. Many of the subsequent inquiries revealed lax security procedures, confused chains of command and, above all, no proper accountability. Many Departments have a serious cultural problem, which is simply not being addressed. Last year, the Secretary of State for Energy and Climate Change, who was then the Minister for the Cabinet Office, amid great fanfare launched new guidelines called "Data Handling Procedures". He promised""a culture that properly values, protects and uses information".—[Official Report, 25 June 2008; Vol. 478, c. 26WS.]" He also announced stronger accountability mechanisms within all Departments, but unfortunately those changes have delivered no substantial improvements. In fact, they have delivered little. Proper sanctions are needed. The Bill contains no sanctions, and we feel strongly that immunity of Departments from prosecution should be removed. Only by applying such sanctions will permanent secretaries and civil servants make the prevention of loss of data a key priority. We need to send a strong signal to all Departments and agencies that cavalier and unprofessional attitudes to our personal data and privacy will not be tolerated. I hope that the Minister will accept our new clause. I turn to our amendments 78 and 79. Amendment 78 is almost identical to new clause 38, which was tabled by the hon. Members for Hendon (Mr. Dismore) and for Oxford, West and Abingdon (Dr. Harris). The official Opposition, and particularly my hon. Friend the Member for Epping Forest, have said for some time that it is essential that the Information Commissioner be given more power to control and monitor holders of data. That is why we support the principles behind clause 153. However, the clause has one glaring gap, as it does not provide any enforcement powers. If the assessment notice is made, and its subject refuses to comply, the Bill does not allow for any immediate sanction. Under our amendments 78 and 79, the Information Commissioner will be able to go to the county court, which must decide whether the assessment notice was properly issued, and whether there was a reasonable excuse for non-compliance. If the court decides for the commissioner, it will order the data controller to comply with the assessment notice. Failure to do so will result in the data controller being in contempt of court. We feel strongly that there is no point having an assessment notice regime without proper sanctions for non-compliance. As Sir Mark Walport and the Information Commissioner, Richard Thomas, said in their submission to the Committee:""There are also no meaningful sanctions for failure to comply with the requirements of an Assessment Notice: this needs strengthening in order for it to be taken seriously."" I hope that the Minister will accept amendments 78 and 79.