Skip to main content

Departmental Data Protection

Volume 469: debated on Monday 10 December 2007

To ask the Secretary of State for Scotland (1) what reviews have been undertaken of his Department’s rules on data protection in the last two years; if he will place in the Library a copy of the report of the last review of his Department’s compliance with data protection laws; and if his Department will undertake a review of its compliance with data protection laws; (168075)

(2) on how many occasions in his Department confidential data have been downloaded on to compact discs (i) without and (ii) with encryption in the last 12 month period for which figures are available; how many of those discs have been posted without using recorded or registered delivery; what procedures his Department has in place for the (A) transport, (B) exchange and (C) delivery of confidential or sensitive data; what records are kept of information held by his Department being sent outside the Department; what changes have been made to his Department’s rules and procedures on data protection in the last two years; on how many occasions his Department’s procedures and rules on data protection have been breached in the last five years; what those breaches were; what procedures his Department has in place on downloading confidential data on to computer discs before their transfer; what technical protections there are in his Department’s computer systems to prevent access to information held on those systems which is not in accordance with departmental procedures; and if he will place in the Library a copy of each of his Department’s rules and procedures on the protection of confidential data on individuals, businesses and other organisations;

(3) how many employees of each grade in his Department (a) have access to confidential or sensitive data and (b) are authorised to download such data to disk; how many of his Department’s employees have undergone data protection training in the last 12 months; what the average length of time is that each employee of his Department has spent on data protection training; how many investigations of employees of his Department for improperly accessing confidential information have taken place in the last 12 months; how many such investigations resulted in cases of disciplinary action; and what the circumstances of each of those cases was.

To ask the Secretary of State for Scotland whether his Department’s information technology and data management systems are BS7799 compliant. (168740)

To ask the Secretary of State for Scotland whether he proposes to review how his Department transports data; and whether his Department uses TNT to transport data. (169386)

To ask the Secretary of State for Scotland (1) how many confirmed data security breaches there have been in the Office of the Advocate General for Scotland in the last 36 months; and what action was taken after each occurrence; (170216)

(2) how many confirmed data security breaches there have been in his Department in the last 36 months; and what action was taken after each occurrence.

To ask the Secretary of State for Scotland (1) on how many occasions the Information Commissioner was contacted by his Department to report breaches of data protection security in each of the last five years; (168817)

(2) how many breaches of data protection security there were in his Department in each of the last five years; and if he will provide details of each breach.

I refer the hon. Members to the statement made by my right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179. The review by the Cabinet Secretary and security experts is looking at procedures within Departments and agencies for the storage and use of data. A statement on Departments’ procedures will be made on completion of the review.