§ Mr. Chris SmithTo ask the Secretary of State for Social Security (1) how many members of staff in his Department have been disciplined for breaching internal regulations on the disclosure of personal data held by his Department within the last five years;
(2) if he will set out the procedure within his Department for authorising transfers of personal data to other Government Departments; and at what level such decisions are authorised;
(3) on what grounds decisions are taken to transfer personal data held by his Department to other Government Departments;
(4) on what statutory basis transfers of personal data take place from his Department to the police; and how many such transfers take place each year;
(5) on what statutory basis transfers of personal data take place from his Department to other Government Departments; and how many such transfers take place each year;
(6) what internal guidelines covering the transfer of personal data to other Government Departments are available to staff in his Department; and whether he will place a copy of any such guidelines in the Library;
(7) what kinds of personal data held by his Department are transferred to the police; and whether records are kept of such transfers;
(8) what kind of personal data held by his Department, whether on computer or manually, are transferred to other Government Departments;
(9) what records are kept of transfers of personal data from his Department to other Government Departments; and whether the Data Protection Registrar has access to the relevant records;
298W(10) whether the rules governing the transfer of personal data from his Department to other Government Departments are the same for data held manually as for data held on computer.
§ Mrs. Gillian ShephardI regret that the information requested concerning the number of transfers of personal data to other Government Departments is not readily available and could be obtained only at disproportionate cost.
It is Government policy that information obtained about a member of the public should be used only for the purpose for which it was acquired. Information held in social security records, both in manual and computerised form, is considered to have been given to the Department for social security purposes only and it is not normally available to other Government Departments. There is, however, statutory provision for the transfer of certain limited information from the Department to the Inland Revenue in connection with the PAYE, national insurance and statutory sick pay schemes.
In other circumstances, where there is no statutory function, requests for information from social security records made by other Government Departments are considered only if the information would prevent the duplication of public funds, help the prosecution of a serious crime, meet the welfare needs of the individual concerned or would be in the public interest.
Information may be disclosed in confidence, in individual cases, to the police in circumstances which involve serious crime.
Where information is held on computer, disclosure to other Government Departments and the police is made only as permitted by purposes 41 to 70 of the Data Protection Act 1984. Under that Act, the Data Protection Registrar has no automatic right of access to individual personal records.
299WInstructions concerning the disclosure of information are issued to all staff dealing with social security business. These are in the process of revision and we will consider placing a copy in the Library in due course.
During the past five years, 13 members of staff have been reprimanded at a local level for minor breaches of the rules governing disclosure of information and 10 have been reprimanded at headquarters level for more serious breaches of the rules.
§ Mr. Chris SmithTo ask the Secretary of State for Social Security what plans exist in his Department for the transfer of personal data via the Government data network; and what new procedures have been adopted within the Department to prevent unauthorised transfers of such data.
§ Mrs. Gillian ShephardThe Department plans to use the Government data network for the provision of computer services to the offices of the Department, the employment service and the Department of Health and Social Services in Northern Ireland as part of the operational strategy. Additionally the Department plans to use the Government data network for other departmental systems as required. Organisational and technical safeguards which apply to all the Department's networks, including the Government data network, ensure that access to personal data is in accordance with authorisations.
§ Mr. Chris SmithTo ask the Secretary of State for Social Security whether records will be kept of all personal data transferred to other Government Departments via the Government data network.
§ Mrs. Gillian ShephardThe types and purposes of transfer of personal computer data to other Government Departments, whether via the GDN or otherwise, are recorded in accordance with the Data Protection Act.