Skip to main content

Departmental Data Protection

Volume 474: debated on Monday 31 March 2008

To ask the Chancellor of the Duchy of Lancaster (1) whether personal data for which his Department is responsible are (a) stored and (b) processed overseas; and if he will make a statement; (176026)

(2) what audits his Department carried out in relation to personal data and IT equipment in each of the last 10 years;

(3) what requirements his Department and its agencies place on contractors in relation to audit of personal data and IT equipment.

None of the personal data for which the Cabinet Office is responsible are stored or processed overseas.

The Cabinet Office operates in accordance with the Manual of Protective Security and the Data Protection Act. Measures are in place to monitor the personal data the Department holds. A full audit of centrally provided IT equipment was undertaken in January 2007, since then a monthly review is held to agree any changes. Information prior to January 2007 is not held centrally.

The Cabinet Office requires its contractors to comply with their obligations under the provisions of the Data Protection Act which includes taking appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data and ensures the security of such data.