Departmental Data Protection

Volume 479: debated on Monday 29 September 2008

To ask the Secretary of State for the Home Department whether personal data for which her Department is responsible is (a) stored and (b) processed overseas; and if she will make a statement. (176019)

Some personal data provided by individuals to the Criminal Records Bureau and to UK Visas is temporarily stored for processing purposes overseas.

The CRB data processed overseas is only stored for the duration of time taken to input it, determine that quality criteria are met and transfer it back to the United Kingdom. Thereafter, the data is destroyed. The overseas site in India is ISO27001 certified and is subject to CRB audit and accreditation reviews.

The processing of visa applicant data overseas is carried out either by Foreign and Commonwealth Office staff in diplomatic or consular premises or, in certain countries, by commercial partners. In these countries, commercial partners are only responsible for the basic collection of visa application data, under the supervision of UK-visas staff.

In all circumstances the Home Office seeks to handle personal data in a way that complies with our obligations under UK law.

To ask the Secretary of State for the Home Department whether personal data held by her Department has been transferred to compact discs and sent to external agencies in the last 12 months. (180399)

In line with current Cabinet Office guidance, the Home Office has used compact discs to transfer personal data to external agencies in the last year. Since 22 November 2007, the Home Office has been undertaking a review of its technical, process and procedural arrangements to ensure the risk of data being compromised is managed and reduced to a minimum.

I also refer the hon. Member to the statement made by my right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179:

"...I have asked the Cabinet Secretary and security experts to ensure that all Departments and all agencies check their procedures for the storage and use of data.."

An interim progress report on the review was published by the Cabinet Office through a written ministerial statement on 17 December 2007, Official Report, column 98WS. This included a recommendation to enhance the transparency with Parliament and the public about the action taken to safeguard information, and the results of that action, through publication of results, departmental annual reports and an annual report to Parliament.

To ask the Secretary of State for the Home Department what instructions are issued to staff in her Department on how to (a) collect, (b) use and (c) delete personal information on members of the public. (219354)

The information is as follows:

(a) and (b)

Data collected by the Home Office are held on systems secured to Government standards and are managed according to the Data Protection Act (1998). Those managing these information assets are "trusted stewards" with an obligation to protect it. Any transmission of protected personal information is performed according to the Data Handling Review recommendations and with the security of the information in mind.


The Home Office disposal of personal information is governed by the Data Protection Act and the Home Office review and retention policies. These policies are based on the standards set by The National Archive, which specifies time limits for the retention of information. The Department's security policy governs the classification of information and the disposal policies that control the appropriate methods of destruction.