Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what steps she is taking to ensure public sector data is secure where Cellular Internet Modules may originate from foreign suppliers.

The UK has strong safeguards to ensure that data is collected and handled responsibly and securely. Companies registered in the UK are subject to our legal framework and regulatory jurisdiction.

Public sector organisations are required to manage security and supply chain risks through established assurance and procurement frameworks, including the Technology Code of Practice, the Government Cyber Security Standard and following guidance from the National Cyber Security Centre. As threats to UK data are evolving, our response must be agile and proportionate. We actively monitor threats to UK data and will not hesitate to take action if necessary to protect our national security.

Any device with a cellular module that is incorporated into the network or systems of UK Critical National Infrastructure will need to comply with that network’s cyber security practices and standards and, as such, should have robust security controls in place.

The UK has one of the most robust data protection regimes in the world, with all organisations required to comply with our legislation to safeguard UK personal data when transferring it overseas. Failure to do so can result in enforcement action.

Our data regulator, the Information Commissioner’s Office, has powers to take enforcement action and issue fines. Individuals who consider that their data has been misused can also take legal action.