§ Mr. Cohen
To ask the Secretary of State for the Home Department if(a) the Security Service has taken over the responsibility of promoting the risk analysis methodology CRAMM from the CCTA and (b) personal data are required to be processed in order to promote the software; and if he will make a statement on how his Department will apply to provisions of the Data Protection Acts to such processing. 
§ Mr. Straw
In 1997, the Security Service took over the management of CRAMM, but the promotion and marketing of the associated software package was undertaken by commercial organisations on its behalf. The Security Service is currently engaged in the transfer of the management responsibilities too, under Government licence, to a commercial consortium. Consequently, the Security Service holds no personal data in connection with the promotion of CRAMM.158W
§ Mr. Cohen
To ask the Secretary of State for the Home Department what representations he has received from the Data Protection Registrar(a) on the application of Sections 28 and 29 of the Data Protection Act 1998 to the Security Service and (b) on provisions in Clauses 11 and 12 of the Immigration and Asylum Bill. 
§ Mr. Straw
The Data Protection Registrar wrote to me, in February this year, concerning the application of the Data Protection Act 1998 to the security and intelligence agencies when it comes into force. I replied that this was still under consideration and that no decision had been made. I said the same to my hon. Friend in my letter of 31 March. This remains the position although useful discussions between the Registrar's officials and mine have taken place.
On (b), the Data Protection Registrar has been consulted about clauses 11 and 12 of the Immigration and Asylum Bill. In the light of discussions with her Office, some additional safeguards have been provided.
§ Mr. Colvin
To ask the Secretary of State for the Home Department what representations he has received on the effect of the Data Protection Act 1998 and the Human Rights Act 1998 on the automatic right of access on request to any recorded material taped in a public place by CCTV. 
§ Mr. George Howarth
We have not received any representations on this issues.
The Data Protection Act 1998 provides a framework for the statutory regulation of public space Close Circuit Television (CCTV) systems. The Act builds upon the regime of the Data Protection Act 1984 but goes further in a number of respects. In particular, it provides enhanced rights for individuals in respect of personal data held about them by data controllers, including rights of subject access.159W
The Data Protection Registrar has started to develop a code of practice, to be issued under her new powers as Data Protection Commissioner. This code will provide guidance to CCTV operators on how to comply with the Act's requirement.