Skip to main content

Departmental Data Protection

Volume 488: debated on Tuesday 3 March 2009

To ask the Secretary of State for Work and Pensions pursuant to the answer of 13 January 2009, Official Report, column 573W, on departmental data protection, whether the Customer Information System (a) is accredited to his Department’s information systems security standards and (b) was so accredited before 1 July 2008. (258702)

The Customer Information System was accredited for compliance with the Department’s prevailing information system security standards in 2005. The system has not subsequently been accredited to the new standards published by the Cabinet Office last year, which only apply to those systems introduced from 1 July 2008. All current systems that are not accredited to the new standards are fully authorised for use with any residual risks having been identified and managed.

To ask the Secretary of State for Work and Pensions pursuant to the answer of 13 January 2009, Official Report, column 573W, on departmental data protection, whether a privacy impact assessment has been carried out on the Customer Information System. (258706)

The Cabinet Office requirement for privacy impact assessments applies to new systems introduced after 1 July 2008. The Customer Information System was introduced several years ago, and therefore a privacy impact assessment is not required.