§ Mr. CohenTo ask the Secretary of State for Health whether he will make arrangements for the Data Protection Registrar to inspect relevant contracts with suppliers of information technology services that involve the use of personal data held by his Department in order to check whether all appropriate arrangements in relation to the Data Protection Act 1984 have been made, and whether such contracts make provisions for the registrar to make random inspections in order to check the suppliers' compliance with the eighth data protection principle.
§ Mr. SackvilleThe Data Protection Registrar has a wide range of powers, under the Data Protection Act 1984, to ensure that all individuals and organisations holding personal data on computer systems are registered and observe the data protection principles as required by the Act. When information technology services are contracted out by a data user, the contractor and the user will be subject to the application of the data protection principles, and to the registrar's powers to promote compliance with them, as provided for in the Act. It is for the registrar to decide how he will use his powers under the Act, and I do not consider that any further arrangements are necessary for him to discharge his duties effectively.