Skip to main content

Departmental Data Protection

Volume 470: debated on Monday 21 January 2008

To ask the Secretary of State for International Development whether personal data for which his Department is responsible is (a) stored and (b) processed overseas; and if he will make a statement. (176017)

DFID has a number of small databases which are maintained for internal operational purposes in its overseas offices, including some which contain personal data relating to DFID staff. No personal data for which DFID is responsible is either stored or processed overseas outside DFID offices.

To ask the Secretary of State for International Development what obligations his Department and its agencies place on contractors in relation to the audit of personal data and IT equipment. (176466)

Contracts awarded by DFID include standard terms and conditions which place obligations on contractors in relation to confidentiality of information, security of equipment and auditing requirements. These clauses specify contractors must have prior written consent from DFID to disclose any confidential information obtained during or arising from the contract, that DFID and the National Audit Office have unrestricted access to their accounts, files and records and that the Official Secrets Acts apply to them. For higher value IT contracts, DFID has built in additional data protection clauses, which require the contractor to comply with the Data Protection Acts.

To ask the Secretary of State for International Development what audits his Department has carried out in relation to personal data and IT equipment in each of the last 10 years. (176474)

Within the last 10 years, DFID has carried out the following specific audits relating to personal data and IT equipment:

Audit

1998

Information management

Information systems configuration management

1999

Asset control

2006

Asset management, disposal and accounting

2007

Data security assurance

In addition, DFID's Internal Audit Department reviews the local operation of controls over IT assets and data management as part of a rolling programme of administrative audits across DFID's overseas offices.

The National Audit Office also reviews controls over information assets to the extent necessary for its audit of DFID's financial statements.