Departmental Data Protection Mr. Vara To ask the Secretary of State for Work and Pensions pursuant to the answer of 13 January 2009, Official Report, column 573W, on departmental data protection, whether the Customer Information System (a) is accredited to his Department’s information systems security standards and (b) was so accredited before 1 July 2008. Jonathan Shaw The Customer Information System was accredited for compliance with the Department’s prevailing information system security standards in 2005. The system has not subsequently been accredited to the new standards published by the Cabinet Office last year, which only apply to those systems introduced from 1 July 2008. All current systems that are not accredited to the new standards are fully authorised for use with any residual risks having been identified and managed. Mr. Vara To ask the Secretary of State for Work and Pensions pursuant to the answer of 13 January 2009, Official Report, column 573W, on departmental data protection, whether a privacy impact assessment has been carried out on the Customer Information System. Jonathan Shaw The Cabinet Office requirement for privacy impact assessments applies to new systems introduced after 1 July 2008. The Customer Information System was introduced several years ago, and therefore a privacy impact assessment is not required.