Skip to main content

Data Protection

Volume 469: debated on Tuesday 11 December 2007

The Ministry of Justice has procedures and guidance governing security, information security and data protection, designed to identify and control the risk of the unauthorised release of personal data. They include ensuring that our sites are physically secure and protected from unauthorised access; ensuring that our employees are reliable through checks on their background; providing guidance to staff on general security, with separate guidance on IT security and data protection issues; and procedures for assessing IT systems. We also have systems for monitoring and checking compliance, and those policies and procedures extend to our contracted IT suppliers.

Of course, there can never be a cast-iron guarantee that human errors will not occur or that there will never be any unauthorised releases of information, so we must remain vigilant. Even before the deeply regrettable incident at Her Majesty’s Revenue and Customs, the Prime Minister commissioned the Walport-Thomas review under the auspices of the Ministry of Justice into the way in which personal data are used and protected in the public and private sector. In addition, we previously announced that we would amend the Data Protection Act 1998 to increase the penalty for knowingly and recklessly misusing personal data, so that those found guilty of that offence could be imprisoned for up to two years.

The Information Commissioner has said that he should have powers to carry out spot checks in Government Departments and other bodies to ensure that they comply with data protection legislation. Does the Minister agree with Richard Thomas?

Yes, we do. We are implementing that, and giving Richard Thomas the powers.

Will my hon. Friend give us an assurance on personal data and confirm that prisoners’ medical records are securely contained but can be regularly accessed by GPs?

The data protection rules must apply to everybody but, where necessary and with proper protections, access will be given to the appropriate people.

Will the Minister of State confirm that C-NOMIS, the computer programme for the National Offender Management Service, is designed to track data on individual offenders from court into prison and thence when they are released back into the community? Is it true that Roger Hill, the Director of Probation, has announced that C-NOMIS is to be put on hold and scaled back for use in prisons alone, thus undermining its whole purpose? Is this not a case of £155 million down the drain, and yet another example of Government incompetence?

I congratulate the hon. Gentleman on his ingenuity in managing to ask that question during a question about data protection. The answer to his question is no, it is not true.