Skip to main content

Departmental Data Protection

Volume 486: debated on Wednesday 14 January 2009

To ask the Secretary of State for Justice how many contracts (a) his Department and (b) its agencies have which allow contractors to store personal data of UK citizens overseas; for which contracts this applies; in which countries the data for each contract are held; and how many people have their data stored overseas in the case of each such contract. (245348)

The Ministry of Justice and its agencies, has one contract for an online training facility which is provided from the United States of America. The application holds the names and payroll references for approximately 4,000 staff who have completed an e-learning package. The company is a member of the United States Safe Harbor agreement, which ensures a similar level of data protection to that required by UK data protection law. All data transfers are required to comply with the Data Protection Act 1998.

The contract expires in April 2009. Options for the future are being considered with a view to ensuring the data will be stored in the UK after that date.

To ask the Secretary of State for Justice when his Department appointed a senior information risk owner in accordance with the report, Data Handling Procedures in Government and the accompanying document Cross-departmental Actions: Mandatory Minimum Action; when the appointment was made; and what grade the person holds within the Department. (245367)

The Ministry of Justice’s senior information risk owner (SIRO) is the Director General of the Democracy, Constitution and Law Group who took over this responsibility in spring 2008, in advance of the Data Handling Review’s publication. Prior to her taking over the role, the Ministry of Justice’s SIRO was the Director General of Strategy.