§ Mr. BurstowTo ask the Parliamentary Secretary, Lord Chancellor's Department, pursuant to his answer of 31 January 2000,Official Report, column 472W, on computers, if any of the hackers accessed computer files containing (a) the personal details of jurors or witnesses and (b) details of the jury selection procedures. [109388]
§ Jane KennedyThere has only been one recorded instance, in 1995, when a member of staff was found to have possible unauthorised access to juror details. The person, a casual employee, had discovered a supervisor's password and had altered system access permissions. Subsequent investigation found no evidence of tampering with data. The staff member was dismissed.
§ Mr. BurstowTo ask the Parliamentary Secretary, Lord Chancellor's Department, pursuant to his answer of 31 January 2000,Official Report, column 472W, on computers, what action has been taken to prevent internal hacking incidents on Court Service computers, particularly files containing (a) the personal details of jurors or witnesses and (b) details of the jury selection procedures. [109387]
§ Jane KennedyThe Court Service carries out security risk analyses on all its major computer systems to ensure they comply with the security guidelines laid down in HMG's Manual of Protective Security. The countermeasures implemented include unique user names, secure passwords and access to systems and areas of systems on a 'need-to-know' basis. Passwords are changed regularly. All staff are provided with guidance on how to maintain system security. Some juror details are held on systems which are owned and managed by the Department's PFI partners. Security measures have been conveyed to them and are contractual.
§ Mr. BurstowTo ask the Parliamentary Secretary, Lord Chancellor's Department, pursuant to his answer of 31 January 2000,Official Report, column 472W, on computers, what type of information was accessed by the hackers from computers in the Court Service; and what action was taken (a) to identify the hackers and (b) to discipline Court Service staff involved in the incidents. [109389]
§ Jane KennedyThe type of information potentially available to an internal 'hacker' varies according to the system accessed. Approximately half of the incidents involved stand-alone PCs or networked PCs used in the Headquarters of the Lord Chancellor's Department for administrative purposes; the remainder involved operational systems, such as those used for case management. Most incidents involved misuse of another member of staffs user name and password. The information potentially at risk was either a person's own work in progress, or in a few instances, details of cases. All incidents were investigated and remedial action applied. No evidence of compromise of Protectively Marked (or classified) information nor of a breach of the Data Protection Acts was found.
The staff responsible were identified in half of the incidents and all received verbal warnings, except for one who received a written warning and one who was dismissed.