Data Breaches (Consumer Protection) Debate

Full Debate: Read Full Debate

Data Breaches (Consumer Protection)

Chi Onwurah Excerpts
Monday 26th October 2015

(9 years, 1 month ago)

Commons Chamber
Read Full debate Read Hansard Text

Urgent Questions are proposed each morning by backbench MPs, and up to two may be selected each day by the Speaker. Chosen Urgent Questions are announced 30 minutes before Parliament sits each day.

Each Urgent Question requires a Government Minister to give a response on the debate topic.

This information is provided by Parallel Parliament and does not comprise part of the offical record

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Hansard - -

(Urgent Question): To ask the Secretary of State for Culture, Media and Sport if he will make a statement on Government responsibilities and policies for protecting consumers and infrastructure following large-scale data breaches such as that suffered by TalkTalk.

Lord Vaizey of Didcot Portrait The Minister for Culture and the Digital Economy (Mr Edward Vaizey)
- Hansard - - - Excerpts

Let me begin by saying that this is clearly a very serious matter. We are all aware that TalkTalk suffered a data breach last week. I want to reassure Members of this House, and TalkTalk customers who may have been affected, that law enforcement has been working very closely with the company since the breach was notified and of course continues to do so.

I commend the chief executive of TalkTalk for her openness and transparency since the company became aware of the attack. I know that she will do all she can to protect her customers. Nevertheless, this is a very serious incident. I understand that the company has offered free support to customers to ensure that they are alerted to any suspicious activity in relation to their bank accounts. I am also reassured that the Financial Conduct Authority has said that it is not aware of any unusual activity at the moment, and that further advice and guidance is available in a range of places such as Get Safe Online and Cyber Streetwise.

However, it is extremely important that companies do all they can to protect themselves, and of course their customers, from cyber-attacks. This Government and the previous Administration have worked extremely hard to ensure that companies have the tools they need to protect themselves. We have invested £860 million over five years in the national cyber-security programme, set up the national cybercrime unit inside the National Crime Agency, and launched the Cyber Streetwise and Cyber Essentials schemes. I am pleased that the number of businesses aware of Cyber Streetwise has doubled and that more than 1,000 businesses have now signed up to the Cyber Essentials scheme, which sets out basic technical controls.

A year ago we made it mandatory that any company that contracts with Government should be accredited under the Cyber Essentials scheme, where appropriate and proportionate. I am also pleased that almost every FTSE 350 company has included cyber-security on its risk register. The “10 Steps to Cyber Security” guidance gives large businesses and organisations comprehensive advice and there are simplified versions available for small and medium-sized enterprises.

Recent events show how vital it is that we maintain that momentum and that businesses act on our advice in order to protect their customers from harm. I will write again to the FTSE 350 companies, to reinforce the steps we expect them to take and the robust procedures that they need to have in place.

The Government take the UK’s cyber-security extremely seriously and we will continue to do everything in our power to protect organisations and individuals from attacks.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - -

Thank you, Mr Speaker, for granting this urgent question.

When someone’s data are lost, criminals are given a gateway into their lives. I have spoken to one woman who lost £5,000 in a sophisticated scam following a previous TalkTalk breach. Today, up to 4 million people are wondering what data they have lost and where a cyber-attack will come from. They are checking their bank accounts, callers and credit cards. The Government need to reassure us that our digital lives are secure, and they need to help our digital economy to grow.

When did the Minister first speak to TalkTalk about the breach and its implications? Is he now aware of what data were taken and whether they were encrypted? What obligations were there on TalkTalk to report the breach to the Information Commissioner’s Office and to advise customers, and did it do that quickly enough? What rights of compensation do TalkTalk customers have and for how long, and how can they exercise them?

Will the Minister ask the Information Commissioner to update his guidance in the light of the current confusion? What additional resources will police have to respond to the up to 4 million inquiries from frightened customers, and will the breach be reported as one cybercrime or many?

For many years, we have been calling on the Government to take action to protect consumers and citizens from cyber-scams. This Government’s data policy is chaos illuminated by occasional flashes of incompetence. Will the Minister acknowledge that all the innovation has come from the criminals while the Government sit on their hands, leaving it to businesses and consumers to suffer the consequences?

Lord Vaizey of Didcot Portrait Mr Vaizey
- Hansard - - - Excerpts

Of course, the hon. Lady is perfectly entitled to ask those questions, many of which are valid, but I have to take issue from the very beginning with her assertion that the Government have somehow been sitting on their hands. I do not think she heard my response to the urgent question. We have invested more than £860 million in cyber-security and we have a number of very effective schemes with which to engage business. It is worth remembering that that money was invested at a time of economic austerity and that that was one of the first decisions taken by the coalition Government.

The hon. Lady asked how many people have lost their data. The situation is fast moving and, given that the investigation is ongoing, it would be remiss of me to put a final figure on it. As I said in my response, law enforcement agencies have been in touch, and we have been in continuous discussion, with TalkTalk since Thursday.

On the question of what data have been taken, the chief executive of TalkTalk has issued a number of statements, saying that bank account details have been given out and that some credit card details, albeit tokenised, have been stolen as well.

The question of whether TalkTalk reported the breach to the Information Commissioner’s Office in time will be a matter between the Information Commissioner and TalkTalk, although I understand that it was reported on the Thursday. As I understand it, any rights of compensation and how long they will take will also be a matter for the Information Commissioner.

I am delighted that, since last month, the Information Commissioner falls within my Department. It is precisely that kind of joined-up government that is needed to make our combating of cybercrime and cyber-fraud as effective as possible. I will certainly meet the Information Commissioner to discuss the issues.

The police have extensive resources with which to combat cybercrime, and we are the Government who set up the national cybercrime unit.