§ Mr. Chris SmithTo ask the Chancellor of the Exchequer (1) how many members of staff in Customs and Excise have been disciplined for breaching internal regulations on the disclosure of personal data within the last five years;
(2) if he will set out the procedure within Customs and Excise for authorising transfers of personal data to other Government Departments; and at what level such decisions are authorised;
(3) on what grounds decisions are taken to transfer personal data held by Customs and Excise to other Government Departments;
(4) on what statutory basis transfers of personal data take place from Customs and Excise to the police; and how many such transfers take place each year;
291W(5) on what statutory basis transfers of personal data take place from Customs and Excise to other Government Departments; and how many such transfers take place each year;
(6) what internal guidelines covering the transfer of personal data to other Government Departments are available to staff in Customs and Excise; and whether he will place a copy of any such guidelines in the Library;
(7) what kind of personal data held by the Customs and Excise, whether on computer or manually, are transferred to other Government Departments;
(8) what kinds of personal data held by Customs and Excise are transferred to the police; and whether records are kept of such transfers;
(9) what plans exist in Customs and Excise for the transfer of personal data via the Government data network; and what new procedures have been adopted to prevent unauthorised transfers of such data;
(10) what records are kept of transfers of personal data from Customs and Excise to other Government Departments; and whether the Data Protection Registrar has access to the relevant records;
(11) whether records will be kept of all personal data transferred from Customs and Excise, to other Government Departments via the Government data network;
(12) whether the rules governing the transfer of personal data from the Customs and Excise to other Government Departments are the same for data held manually as for data held on computer.
§ Mr. RyderMuch of the information requested is not readily available and could be obtained only at a disproportionate cost. Customs and Excise maintain extensive records, many of which contain personal data. These records may be either manually recorded or computerised, and they cover a wide range of different subjects.
Where the information is computerised disclosure is made in accordance with the provisions of the Data Protection Act 1984. This Act allows the Data Protection Registrar access to computerised personal records. Customs and Excise do not maintain a record of personal data disclosed.
Currently Customs and Excise do not exchange data with any other Government Departments via the Government data network other than for updating and returning personal data relating to staff employment (salary. overtime and so on) on the Chessington pay system, because the Chessington computer centre acts as an agent for payroll processing. Customs and Excise have no plans to maintain records, or to issue specific instructions dealing with the transfer of personal data over the Government data network.
Disclosure of personal information is made in accordance with statutory provisions or where it is in the public interest. The authority to disclose is given at no lower than grade 7. There are a number of legal provisions providing for disclosure:
- Data Protection Act 1984: S.34 (6)(b)
- Finance Act 1972: S.127
- VAT Act 1983: S.44
- Gaming Act 1968, Schedules 2, 3 and 4
- Betting and Gaming Duties Act 1982, Schedule 2 paragraph 8
- Finance Act 1969: S.59
- Customs and Excise Management Act 1979: S.9 (b)
All these are held in the Library of the House.
292WInstructions to staff are contained in various standing instructions based on the provisions of the Official Secrets Act, the Data Protection Act, and the Finance Act 1972 in particular. Customs and Excise have no record of any member of their staff having been disciplined for breaching internal regulations on the disclosure of personal data within the last five years.