Skip to main content

Departmental Data Protection

Volume 469: debated on Tuesday 11 December 2007

To ask the Secretary of State for Health (1) what reviews have been undertaken of his Department's rules on data protection in the last two years; if he will place in the Library a copy of the report of the last review of his Department's compliance with data protection laws; and if (a) his Department and (b) his Department's agencies will undertake a review of their compliance with data protection laws; (168089)

(2) on how many occasions in (a) his Department and (b) its agencies confidential data have been downloaded on to compact discs (i) without and (ii) with encryption in the last 12 month period for which figures are available; how many of those discs have been posted without using recorded or registered delivery; what procedures his Department has in place for the (A) transport, (B) exchange and (C) delivery of confidential or sensitive data; what records are kept of information held by his Department being sent outside the Department; what changes have been made to his Department's rules and procedures on data protection in the last two years; on how many occasions his Department's procedures and rules on data protection have been breached in the last five years; what those breaches were; what procedures his Department has in place on downloading confidential data on to computer discs before its transfer; what technical protections there are in his Department's computer systems to prevent access to information held on those systems which is not in accordance with departmental procedures; and if he will place in the Library a copy of each of his Department's rules and procedures on the protection of confidential data on individuals, businesses and other organisations;

(3) how many employees of each grade in his Department (a) have access to confidential or sensitive data and (b) are authorised to download such data to disc; how many of his Department's employees have undergone data protection training in the last 12 months; what the average length of time is that each employee of (i) his Department and (ii) his Department's agencies has spent on data protection training; how many investigations of employees of his Department for improperly accessing confidential information have taken place in the last 12 months; how many such investigations resulted in cases of disciplinary action; and what the circumstances of each of those cases were.

To ask the Secretary of State for Health what procedures are in place in his Department to ensure that personal information relating to members of the public is (a) stored and (b) transported securely. (168475)

To ask the Secretary of State for Health (1) on how many occasions the Information Commissioner was contacted by his Department to report breaches of data protection security in each of the last five years; (168812)

(2) how many breaches of data protection security there were in (a) his Department and (b) his Department's agencies in each of the last five years; and if he will provide details of each breach.

To ask the Secretary of State for Health what steps his Department has taken to protect the personal data on members of the public which it holds. (171418)

I refer the hon. Member to the statement made by my right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179. The review by the Cabinet Secretary and security experts is looking at procedures within Departments and agencies for the storage and use of data. A statement on Departments' procedures will be made on completion of the review.

To ask the Secretary of State for Health whether he proposes to review how his Department transports data; and whether his Department uses TNT to transport data. (169223)

I refer the hon. Member to the statement made by my right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179. The review by the Cabinet Secretary and security experts is looking at procedures within departments and agencies for the storage and use of data. A statement on departments’ procedures will be made on completion of the review.