Asked by: Baroness McIntosh of Pickering (Conservative - Life peer)
Question to the Home Office:
To ask His Majesty's Government whether it is their intention that hospitality venues responsible for upholding the law on the sale of alcohol, cigarettes, solvents and other restricted products will see equal protection under the new offence of assaulting a retail worker in the Crime and Policing Bill.
Answered by Lord Hanson of Flint - Minister of State (Home Office)
Through our Crime and Policing Bill, we are introducing a new offence of assaulting a retail worker to protect the hardworking and dedicated staff that work in stores.
This definition of a retail worker captures someone working in or about retail premises for or on behalf of the owner or occupier of the retail premises.
Our definition is intentionally narrow and does not include hospitality staff, given the vital need to provide legal clarity and ensure there is no ambiguity for courts in identifying whether an individual is a retail worker and impacted during their job.
Those workers whose roles are not included within the definition are already covered under other legislation such as the Offences against the Person Act 1861, which also covers more serious violence, such as actual bodily harm and grievous bodily harm.
There is also a statutory aggravating factor for assault against any public facing worker in the Police, Crime, Sentencing and Courts Act 2022. This ensures the courts treat the public-facing nature of a victim’s role as an aggravating factor when considering the sentence for an offence.
Alongside this, we are ending the effective immunity that currently applies for theft of goods under £200 by repealing section 176 of the Anti-Social Behaviour, Crime and Policing Act 2014.
We are also providing over £7 million over the next three years to support the police and retailers tackle retail crime, including continuing to fund a specialist policing team to disrupt organised retail crime gangs and identify more offenders.
Asked by: Baroness McIntosh of Pickering (Conservative - Life peer)
Question to the Home Office:
To ask His Majesty's Government how "retail" work is defined for the purposes of the Crime and Policing Bill; and whether that definition includes hospitality premises with a functional overlap, such as pubs which run village shops and restaurants selling branded products on the premises.
Answered by Lord Hanson of Flint - Minister of State (Home Office)
Through our Crime and Policing Bill, we are introducing a new offence of assaulting a retail worker to protect the hardworking and dedicated staff that work in stores.
This definition of a retail worker captures someone working in or about retail premises for or on behalf of the owner or occupier of the retail premises.
Our definition is intentionally narrow and does not include hospitality staff, given the vital need to provide legal clarity and ensure there is no ambiguity for courts in identifying whether an individual is a retail worker and impacted during their job.
Those workers whose roles are not included within the definition are already covered under other legislation such as the Offences against the Person Act 1861, which also covers more serious violence, such as actual bodily harm and grievous bodily harm.
There is also a statutory aggravating factor for assault against any public facing worker in the Police, Crime, Sentencing and Courts Act 2022. This ensures the courts treat the public-facing nature of a victim’s role as an aggravating factor when considering the sentence for an offence.
Alongside this, we are ending the effective immunity that currently applies for theft of goods under £200 by repealing section 176 of the Anti-Social Behaviour, Crime and Policing Act 2014.
We are also providing over £7 million over the next three years to support the police and retailers tackle retail crime, including continuing to fund a specialist policing team to disrupt organised retail crime gangs and identify more offenders.
Asked by: Baroness McIntosh of Pickering (Conservative - Life peer)
Question to the Home Office:
To ask His Majesty's Government what specific protections are in place to address abuse and theft in (1) retail, (2) hospitality, and (3) leisure businesses.
Answered by Lord Hanson of Flint - Minister of State (Home Office)
Through our Crime and Policing Bill, we are introducing a new offence of assaulting a retail worker to protect the hardworking and dedicated staff that work in stores.
This definition of a retail worker captures someone working in or about retail premises for or on behalf of the owner or occupier of the retail premises.
Our definition is intentionally narrow and does not include hospitality staff, given the vital need to provide legal clarity and ensure there is no ambiguity for courts in identifying whether an individual is a retail worker and impacted during their job.
Those workers whose roles are not included within the definition are already covered under other legislation such as the Offences against the Person Act 1861, which also covers more serious violence, such as actual bodily harm and grievous bodily harm.
There is also a statutory aggravating factor for assault against any public facing worker in the Police, Crime, Sentencing and Courts Act 2022. This ensures the courts treat the public-facing nature of a victim’s role as an aggravating factor when considering the sentence for an offence.
Alongside this, we are ending the effective immunity that currently applies for theft of goods under £200 by repealing section 176 of the Anti-Social Behaviour, Crime and Policing Act 2014.
We are also providing over £7 million over the next three years to support the police and retailers tackle retail crime, including continuing to fund a specialist policing team to disrupt organised retail crime gangs and identify more offenders.
Asked by: Baroness McIntosh of Pickering (Conservative - Life peer)
Question to the Home Office:
To ask His Majesty's Government whether the Crime and Policing Bill in its current form will see the protection of workers in quick service restaurants and food-to-go-style operators whose work has a functional overlap with their retail counterparts; and what, if any, impact assessment of such provisions has been undertaken.
Answered by Lord Hanson of Flint - Minister of State (Home Office)
Through our Crime and Policing Bill, we are introducing a new offence of assaulting a retail worker to protect the hardworking and dedicated staff that work in stores.
This definition of a retail worker captures someone working in or about retail premises for or on behalf of the owner or occupier of the retail premises.
Our definition is intentionally narrow and does not include hospitality staff, given the vital need to provide legal clarity and ensure there is no ambiguity for courts in identifying whether an individual is a retail worker and impacted during their job.
Those workers whose roles are not included within the definition are already covered under other legislation such as the Offences against the Person Act 1861, which also covers more serious violence, such as actual bodily harm and grievous bodily harm.
There is also a statutory aggravating factor for assault against any public facing worker in the Police, Crime, Sentencing and Courts Act 2022. This ensures the courts treat the public-facing nature of a victim’s role as an aggravating factor when considering the sentence for an offence.
Alongside this, we are ending the effective immunity that currently applies for theft of goods under £200 by repealing section 176 of the Anti-Social Behaviour, Crime and Policing Act 2014.
We are also providing over £7 million over the next three years to support the police and retailers tackle retail crime, including continuing to fund a specialist policing team to disrupt organised retail crime gangs and identify more offenders.
Asked by: Shaun Davies (Labour - Telford)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, what steps her Department is taking to help protect UNESCO World Heritage Sites in the UK from potential environmental threats.
Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)
DCMS provides support and advice to all World Heritage Sites across the UK and Overseas Territories that are grappling with environmental threats in our capacity as State Party of the World Heritage Convention.
DCMS works closely with environmental agencies across the UK, including the Joint Nature Conservation Committee, Natural England, NatureScot, Natural Resources Wales and the Northern Ireland Environment Agency, as well as Historic England as our expert advisers on World Heritage. We also consult with individual site managers and local authorities to monitor potential and known threats to our sites and to consider which issues require notification to, and assistance from, UNESCO.
In addition, DCMS funded the project ‘Climate Change & UNESCO Heritage’ which ran from February 2024 - October 2025 and was delivered by the UK National Commission for UNESCO. This project developed open-source tools that support UNESCO heritage sites to address climate challenges.
Asked by: Baroness Bennett of Manor Castle (Green Party - Life peer)
Question to the Ministry of Housing, Communities and Local Government:
To ask His Majesty's Government whether they plan to establish a cross-departmental office for green spaces.
Answered by Baroness Taylor of Stevenage - Baroness in Waiting (HM Household) (Whip)
The government does not plan to establish a new cross-departmental office for green spaces. Cross-government coordination will continue through the Parks Working Group, which brings together sector expertise with departmental representatives to improve parks and green spaces, with a focus on equality of access.
Improving access to green and blue spaces remains a priority. As part of the Environmental Improvement Plan 2025, the government has announced that it will bring forward an Access to Nature Green Paper to consult on proposals to improve and expand public access to the outdoors. Furthermore, the MHCLG-owned Green Flag Award sets the national standard for parks and green spaces aiming to meet the needs of the communities they serve.
Local authorities play an important role in improving local green space. The Spending Review 2025 provides over £5 billion of new grant funding, most of which is unringfenced, over the next three years for local services that communities rely on.
Finally, the Pride in Place strategy will deliver up to £5 billion over ten years to up to 350 deprived neighbourhoods, supporting a wide range of community assets, including community green spaces.
Asked by: Afzal Khan (Labour - Manchester Rusholme)
Question to the Department for Environment, Food and Rural Affairs:
To ask the Secretary of State for Environment, Food and Rural Affairs, what consideration she has given to designating the Trans Pennine Trail a National Trail.
Answered by Mary Creagh - Parliamentary Under-Secretary (Department for Environment, Food and Rural Affairs)
The Government is committed to increasing access to nature and leaving a lasting benefit for future generations.
Although we do not currently plan to designate the Trans Pennine Trail as a National Trail, we remain committed to improving safe and appropriate access to green and blue spaces. In 2026 we expect to launch both the 2,700-mile King Charles III England Coast Path and Wainwright’s Coast to Coast route across the north of England as a National Trail. We are also progressing plans to deliver nine new National River Walks across England, one in each region and will share further details in due course.
Asked by: Marie Rimmer (Labour - St Helens South and Whiston)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, after the April 2025 data breach of the Legal Advice Agency, what specific steps have been taken, and what further measures are planned, to ensure that a similar security breach does not occur again.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
We take the security of people’s personal data extremely seriously.
Firstly, to ensure transparency about the cyber- attack and that we reached as many potentially impacted individuals as possible, the Ministry of Justice published a notice shortly after it became aware of the criminal cyber-attack at 08:15 on 19 May on GOV.UK
The notice provided information about the cyber-attack and directed concerned members of the public to the National Cyber Security Centre’s webpage, which contained information on how to protect against the impact of a data breach.
The Legal Aid Agency (LAA) also set up dedicated Customer Services support via a telephone line and email for providers and clients who had concerns regarding the data breach. We did not write to all clients, to all the addresses that we had, because some of those addresses would no longer be current, and that would potentially create another data breach in itself.
The published statement referred to above sets out information about who may have been impacted and the nature of the information which may have been accessed. As far as we are aware, no data has been shared or put out in the public domain. An injunction has been put in place to prohibit sharing of this data. Anyone who does so could be sent to prison. If it is identified that a specific individual is at risk, action will be taken to try to contact them.
In the interests of security, we cannot confirm the method by which unauthorised access was gained to the LAA’s online digital systems or details about specific steps taken or measures implemented to protect LAA systems against any future cyber-attacks.
Security of the new systems has been paramount as we have rebuilt the LAA’s digital systems following the attack. The compromised digital portal has been replaced by a new, secure single sign-in tool for LAA online services (SiLAS). SiLAS has been designed and built in line with UK government and industry best practice for secure development. Security has been included from the ground up, including multi factor authentication, with independent testing activities to validate that the appropriate security controls are in place.
A dedicated team will monitor and update the service to ensure it evolves to remain resilient to emerging threats and is supported by a security operations capability. While no system can be entirely risk free, we are confident that we have taken the right steps to protect the service and its users.
Responsibility for disaster recovery planning for digital systems lies with Justice Digital rather than the LAA. Prior to the cyber- attack there was no digital disaster recovery plan in place. However, had we had a fully funded disaster recovery system, any immediate restoration would have simply restored the systems without resolving the vulnerabilities that enabled the cyber- attack to occur. Justice Digital now have a new Service Owner structure in place where clear Service Standards will be defined and monitored. This will include digital disaster recovery plans for each digital product.
Prior to the cyber- attack the LAA had in place prepared business continuity plans for business-critical processes and services to ensure that access to justice could be maintained in the event of a system outage. These plans were tried and tested, and we were confident that the measures would be effective for our initial response. These measures gave us sufficient time to design and implement longer term measures to meet the specific needs of the incident that were introduced in June 2025.
At every stage, we have acted to protect public access to justice and to support providers in delivering legal aid. We have achieved this without affecting court backlogs or police station activity.
Our business continuity planning was effective in maintaining access to justice from the outset of the attack and the need to have longer term options in place is one of the lessons that we have taken from this incident.
A formal lessons learned approach will systematically analyse lessons from the Ministry of Justice’s and LAA’s preparation for and response to the cyber-attack. This work will cover pre-incident risk management and the response to the incident itself. This will inform future resilience planning, governance improvement and risk mitigation strategies across the Ministry of Justice and its agencies.
Asked by: Marie Rimmer (Labour - St Helens South and Whiston)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, with reference to the the Legal Advice Agency data breach in April 2025, whether his Department and the LAA had a prepared disaster recovery plan prior to the breach.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
We take the security of people’s personal data extremely seriously.
Firstly, to ensure transparency about the cyber- attack and that we reached as many potentially impacted individuals as possible, the Ministry of Justice published a notice shortly after it became aware of the criminal cyber-attack at 08:15 on 19 May on GOV.UK
The notice provided information about the cyber-attack and directed concerned members of the public to the National Cyber Security Centre’s webpage, which contained information on how to protect against the impact of a data breach.
The Legal Aid Agency (LAA) also set up dedicated Customer Services support via a telephone line and email for providers and clients who had concerns regarding the data breach. We did not write to all clients, to all the addresses that we had, because some of those addresses would no longer be current, and that would potentially create another data breach in itself.
The published statement referred to above sets out information about who may have been impacted and the nature of the information which may have been accessed. As far as we are aware, no data has been shared or put out in the public domain. An injunction has been put in place to prohibit sharing of this data. Anyone who does so could be sent to prison. If it is identified that a specific individual is at risk, action will be taken to try to contact them.
In the interests of security, we cannot confirm the method by which unauthorised access was gained to the LAA’s online digital systems or details about specific steps taken or measures implemented to protect LAA systems against any future cyber-attacks.
Security of the new systems has been paramount as we have rebuilt the LAA’s digital systems following the attack. The compromised digital portal has been replaced by a new, secure single sign-in tool for LAA online services (SiLAS). SiLAS has been designed and built in line with UK government and industry best practice for secure development. Security has been included from the ground up, including multi factor authentication, with independent testing activities to validate that the appropriate security controls are in place.
A dedicated team will monitor and update the service to ensure it evolves to remain resilient to emerging threats and is supported by a security operations capability. While no system can be entirely risk free, we are confident that we have taken the right steps to protect the service and its users.
Responsibility for disaster recovery planning for digital systems lies with Justice Digital rather than the LAA. Prior to the cyber- attack there was no digital disaster recovery plan in place. However, had we had a fully funded disaster recovery system, any immediate restoration would have simply restored the systems without resolving the vulnerabilities that enabled the cyber- attack to occur. Justice Digital now have a new Service Owner structure in place where clear Service Standards will be defined and monitored. This will include digital disaster recovery plans for each digital product.
Prior to the cyber- attack the LAA had in place prepared business continuity plans for business-critical processes and services to ensure that access to justice could be maintained in the event of a system outage. These plans were tried and tested, and we were confident that the measures would be effective for our initial response. These measures gave us sufficient time to design and implement longer term measures to meet the specific needs of the incident that were introduced in June 2025.
At every stage, we have acted to protect public access to justice and to support providers in delivering legal aid. We have achieved this without affecting court backlogs or police station activity.
Our business continuity planning was effective in maintaining access to justice from the outset of the attack and the need to have longer term options in place is one of the lessons that we have taken from this incident.
A formal lessons learned approach will systematically analyse lessons from the Ministry of Justice’s and LAA’s preparation for and response to the cyber-attack. This work will cover pre-incident risk management and the response to the incident itself. This will inform future resilience planning, governance improvement and risk mitigation strategies across the Ministry of Justice and its agencies.
Asked by: Marie Rimmer (Labour - St Helens South and Whiston)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, what assessment he has made of the adequacy of disaster recovery planning at the Legal Aid Agency prior to the cyber-attack of April 2025.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
We take the security of people’s personal data extremely seriously.
Firstly, to ensure transparency about the cyber- attack and that we reached as many potentially impacted individuals as possible, the Ministry of Justice published a notice shortly after it became aware of the criminal cyber-attack at 08:15 on 19 May on GOV.UK
The notice provided information about the cyber-attack and directed concerned members of the public to the National Cyber Security Centre’s webpage, which contained information on how to protect against the impact of a data breach.
The Legal Aid Agency (LAA) also set up dedicated Customer Services support via a telephone line and email for providers and clients who had concerns regarding the data breach. We did not write to all clients, to all the addresses that we had, because some of those addresses would no longer be current, and that would potentially create another data breach in itself.
The published statement referred to above sets out information about who may have been impacted and the nature of the information which may have been accessed. As far as we are aware, no data has been shared or put out in the public domain. An injunction has been put in place to prohibit sharing of this data. Anyone who does so could be sent to prison. If it is identified that a specific individual is at risk, action will be taken to try to contact them.
In the interests of security, we cannot confirm the method by which unauthorised access was gained to the LAA’s online digital systems or details about specific steps taken or measures implemented to protect LAA systems against any future cyber-attacks.
Security of the new systems has been paramount as we have rebuilt the LAA’s digital systems following the attack. The compromised digital portal has been replaced by a new, secure single sign-in tool for LAA online services (SiLAS). SiLAS has been designed and built in line with UK government and industry best practice for secure development. Security has been included from the ground up, including multi factor authentication, with independent testing activities to validate that the appropriate security controls are in place.
A dedicated team will monitor and update the service to ensure it evolves to remain resilient to emerging threats and is supported by a security operations capability. While no system can be entirely risk free, we are confident that we have taken the right steps to protect the service and its users.
Responsibility for disaster recovery planning for digital systems lies with Justice Digital rather than the LAA. Prior to the cyber- attack there was no digital disaster recovery plan in place. However, had we had a fully funded disaster recovery system, any immediate restoration would have simply restored the systems without resolving the vulnerabilities that enabled the cyber- attack to occur. Justice Digital now have a new Service Owner structure in place where clear Service Standards will be defined and monitored. This will include digital disaster recovery plans for each digital product.
Prior to the cyber- attack the LAA had in place prepared business continuity plans for business-critical processes and services to ensure that access to justice could be maintained in the event of a system outage. These plans were tried and tested, and we were confident that the measures would be effective for our initial response. These measures gave us sufficient time to design and implement longer term measures to meet the specific needs of the incident that were introduced in June 2025.
At every stage, we have acted to protect public access to justice and to support providers in delivering legal aid. We have achieved this without affecting court backlogs or police station activity.
Our business continuity planning was effective in maintaining access to justice from the outset of the attack and the need to have longer term options in place is one of the lessons that we have taken from this incident.
A formal lessons learned approach will systematically analyse lessons from the Ministry of Justice’s and LAA’s preparation for and response to the cyber-attack. This work will cover pre-incident risk management and the response to the incident itself. This will inform future resilience planning, governance improvement and risk mitigation strategies across the Ministry of Justice and its agencies.