Skip to main content

Departmental Data Protection

Volume 486: debated on Tuesday 13 January 2009

To ask the Chancellor of the Exchequer what percentage of contractors and suppliers to (a) his Department and (b) its agencies has reported compliance with the Government's security standards following publication of the report, Data Handling Procedures in Government, and the accompanying document, Cross-departmental Actions: Mandatory Minimum Action, on 25 June 2008. (245330)

The information requested is as follows:

(a) All suppliers to The Treasury that are required to handle relevant data have been contacted and made aware of the Government's security standards. All have been assessed as having policies and procedures that are compliant with those standards.

(b) The UK DMO have identified all the suppliers involved in data handling procedures. All of these suppliers (100 per cent.) have been assessed as appropriate to comply with the Government's security standards.

To ask the Chancellor of the Exchequer how many contracts (a) his Department and (b) its agencies have which allow contractors to store personal data of UK citizens overseas; for which contracts this applies; in which countries the data for each contract is held; and how many people have their data stored overseas in the case of each such contract. (245351)

The Treasury has one supplier that stores personal data abroad. The contractor provides travel agency services under a pan-Government framework owned by OGCbuying.solutions and the data are stored in the USA under a safe harbour agreement.

The Debt Management Office holds one contract that it manages on behalf of the Treasury, which allows the storage of personal data of UK citizens overseas. This contract is for the Gilt Registration Service and states that personal data must be kept within the European Economic Area (EEA). Currently all these data are stored within the UK.

To ask the Chancellor of the Exchequer when his Department appointed a senior information risk owner in accordance with the report, Data Handling Procedures in Government and the accompanying document Cross-departmental Actions: Mandatory Minimum Action; and what grade the person holds within the Department. (245371)

HM Treasury's senior information risk owner is a range G (equivalent to Grade 3) and has held the responsibility since December 2007.