Skip to main content

Government Departments: Data Protection

Volume 707: debated on Thursday 12 February 2009

Question

Asked by

To ask Her Majesty's Government whether they will issue instructions to all departments to ensure full compliance with data protection principles and respect for private life, home and correspondence in the storage and use by departments of personal information, including appropriate safeguards and sanctions against misuse of such information. [HL1022]

I refer the noble Lord to the publication of the report into data handling procedures across government published on 25 June 2008 and the accompanying Written Ministerial Statement by the then Minister for the Cabinet Office (Official Report, cols. 25-6WS). Copies of the report are available in the Library.

Departments are ultimately responsible for their own security arrangements but the data handling report (DHR) lays out a set of mandatory cross-government actions for government departments to protect personal information including:

minimising access to data;

encryption of removable media;

penetration testing of ICT systems;

secure disposal of information;

greater scrutiny through such measures as spot checks by the Information Commissioner's office; and

fostering a culture of individual accountability bolstered by training and education to ensure that staff understand their responsibilities.

The Cabinet Office is monitoring departments’ progress in meeting the DHR requirements and will report to Parliament in due course.

In addition, the provisions of the Data Protection Act 1998 apply equally to government departments as well as to private bodies who process personal information in the UK.