§ Mr. WyattTo ask the Secretary of State for Trade and Industry (1) which Minister in his Department has the lead responsibility for data protection in relation to websites; and if he will make a statement; [133053]
(2) what recent representations he has received relating to the proposed prosecution of electricity generating companies under data protection law; [133070]
(3) what powers he has in addition to those of the Data Protection Commissioner to prosecute companies in violation of data protection law. [133069]
§ Ms HewittMy Department has no responsibility for the protection of data held at or accessible through websites. My Department has no special powers to mount prosecutions under the Data Protection Act. We have received no representation about prosecutions of electricity generating companies under that Act, but are aware of the public interest in the recent security breach at the website of the supply business of PowerGen. While the standards of security of websites are not regulated, my Department takes seriously its responsibility for promoting good information security to business. This is one of the vital factors in ensuring confidence in e-business. My officials have therefore had discussions with the company to understand the circumstances that led to the security breach, how the company solved the technical issues and how the business community as a whole might learn from their experience. I understand that the company resolved the vulnerability quickly and are making great efforts to learn how their management controls allowed it to happen. They intend to make public the results of their inquiries. Furthermore, we are exploring with the company how best we might disseminate the lessons learnt to improve the performance of all those UK companies who are rising to the challenge of working on-line.