Skip to main content

Departmental Data Protection

Volume 496: debated on Wednesday 15 July 2009

To ask the Secretary of State for Health what databases which will be managed by his Department or one of its agencies and which will contain personal information are (a) under construction and (b) expected to go live in each of the next five years; and if he will make a statement. (286504)

Planned application developments which will contain personal information on members of the public or departmental staff are summarised in the following table. Year relates to expected year of implementation.

Any personal data stored on the Department’s databases are subject to the Data Protection Act and to our own, internal data protection policy.

Following the publication of the cross government data handling review in June 2008, new projects and programmes that hold significant amounts of personal data are obliged to conduct privacy impact assessments.

Year

Database

Description

2009-10

Hospitality Reporting

Staff hospitality details and declarations of interest

2009-10

Public Bodies

Data on the membership of all the Department’s sponsored public bodies

2009-10

Third Sector Funding

Grant applications and award monitoring process

2009-10

The National Pandemic Flu Service

Pandemic flu information management system

2011-12

Electronic Exchange of Social Security Information (EESSI)

Details of medical treatment received while abroad and evidence of entitlement. System to be jointly managed with Department for Work and Pensions and Customs and Revenue

n/k

e-Directory

Contact details for departmental staff and external contacts. Under consideration, but on hold; likely to be implemented sometime within the next five years

NHS Choices

n/k

Contact management system

Information on service providers who support the NHS Choices programme. Timing uncertain but likely to be in the next two years

Medicines and Healthcare products Regulatory Agency (MHRA)

MHRA are not developing, and have no plans to develop, any databases containing personal information in the next five years

NHS Purchasing and Supply Agency (PASA)

PASA are not developing, and have no plans to develop, any databases containing personal information in the next five years

NHS Connecting for Health

There are a number of programmes which are either in the planning or initiation phase. The datasets for these programmes will be developed as a consequence of the detailed analysis within each specific programme and it is, therefore, not possible to provide the requested detail at this stage. NHS Connecting for Health operate a comprehensive Information Governance programme with which all programmes must comply. The specific detail of future datasets will be submitted to the Information Standards Board for review and evaluation at the appropriate time within each programme

To ask the Secretary of State for Health how many (a) attempts and (b) successful attempts were made to gain unauthorised access to each (i) database and (ii) ICT system run by his Department in each of the last five years; and if he will make a statement. (286545)

We are aware of only one attempt to gain unauthorised access to departmental databases or information and communication (ICT) systems in each of the last five years. A web page defacement resulted in a website page being altered without permission. There was no data loss, nor were any sensitive files compromised.

Unauthorised access

Attempts

Successful attempts

Databases

ICT Systems

Databases

ICT Systems

2004-05

0

0

0

0

2005-06

0

0

0

0

2006-07

0

1

0

1

2007-08

0

0

0

0

2008-09

0

0

0

0