§ Mr. CohenTo ask the Secretary of State for Employment whether he will make arrangements for the Data Protection Registrar to inspect relevant contracts with suppliers of IT services that involve the use of personal data held by his Department in order to check whether all appropriate arrangements in relation to the Data Protection Act 1984 have been made, and whether such contracts make provisions for the registrar to make random inspections in order to check the suppliers' compliance with the eighth data protection principle.
§ Mr. Michael ForsythUnder the Data Protection Act 1984, the Data Protection Registrar has a wide range of powers to ensure that all individuals and organisations holding personal data on computer systems are registered and observe the data protection principles as required by the Act.
The Department is committed to observing the data protection principles when it obtains and processes personal data. Where the Department contracts with a third party for the processing of personal data, the contracts stipulate that the Act must be complied with.
The registrar's powers to promote compliance with the principles apply to both the owner of the personal data and the service provider. It is for the registrar to decide how he will use his powers under the Act. Further arrangements for him to discharge his duties effectively are not considered to be necessary.