Asked by: Stephen Phillips (Conservative - Sleaford and North Hykeham)
Question to the Foreign, Commonwealth & Development Office:
To ask the Secretary of State for Foreign and Commonwealth Affairs, pursuant to the Answer of 28 January 2016 to Question 23481, which commercial third party suppliers were responsible for the 57 breaches in handling secure materials there identified.
Answered by David Lidington
The third party suppliers responsible were BAE Systems, Daisy, Computacenter, Vodafone and Capgemini.
Asked by: Stephen Phillips (Conservative - Sleaford and North Hykeham)
Question to the Foreign, Commonwealth & Development Office:
To ask the Secretary of State for Foreign and Commonwealth Affairs, pursuant to the Answer of 28 January 2016 to Question 23481, of the 57 breaches in handling secure materials there identified, how many breaches concerned documents within each of the following categories applicable prior to April 2014, namely (a) top secret, (b) secret, (c) confidential, (d) restricted, (e) protected and (f) unclassified; and how many breaches concerned documents within each of the following categories applicable from April 2014, namely (i) top secret, (ii) secret and (iii) official-sensitive or official.
Answered by David Lidington
The figures quoted in my answer of 28 January to written question 23481 referred only to the period since April 2014. The information on breaches prior to April 2014 are not held centrally and could be collated only at disproportionate cost. The number of breaches from April 2014 onwards are as follows:
Classification:
Top Secret
Number:
1
Comment:
There was no loss of data related to this breach.
Classification:
Secret
Number:
0
Classification:
Confidential
Number:
12
Comment:
The Confidential classification pre-dates the introduction of the Government Security Classifications (GSCs).
Classification:
Official-Sensitive
Number:
43
Comment:
Official - Sensitive is not a classification under GSC and is a caveat. Materials designated Official or Official-Sensitive does have a level of protection; however loss of its control does not warrant a breach as per existing Cabinet Office guidelines.
Classification:
Official
Number:
1
Asked by: Stephen Phillips (Conservative - Sleaford and North Hykeham)
Question to the Foreign, Commonwealth & Development Office:
To ask the Secretary of State for Foreign and Commonwealth Affairs, whether he has made a formal request for the Government of the People's Republic of China to state the legal basis for its territorial claims in the South China Sea.
Answered by Lord Swire
The UK has consistently called on all parties to clarify the legal basis for their claims in the South China Sea. We continue to urge all parties to pursue their claims peacefully in accordance with international law, in particular the United Nations Convention on the Law of the Sea. The Secretary of State for Foreign and Commonwealth Affairs, my right hon. Friend the Member for Runnymede and Weybridge (Mr Hammond), raised the situation in the South China Sea with China during his recent visit to Beijing on 5 January.
Asked by: Stephen Phillips (Conservative - Sleaford and North Hykeham)
Question to the Foreign, Commonwealth & Development Office:
To ask the Secretary of State for Foreign and Commonwealth Affairs, on how many occasions his Department has been notified by external consultants or other third parties of breaches by employees or subcontractors of those consultants of document retention or security policies relating to confidential or secure materials in each of the last two years.
Answered by David Lidington
Our records show 57 breaches by commercial third party suppliers in handling secure materials for the years in question. This is broken down by year as follows:
2014/15 - 47
2015/16 - 10
The Foreign and Commonwealth Office (FCO) has rigorous formal procedures for reporting, investigating and monitoring any incidents involving the loss or compromise of sensitive data for which it is responsible. Our policies and procedures are designed to ensure that we are compliant with the Data Protection Act 1998 and HMG’s Security Policy Framework. Responsibility for this compliance is shared with Suppliers through appropriate contract terms and conditions.