§ Mr. CohenTo ask the Secretary of State for Northern Ireland whether he will make arrangements for the Data Protection Registrar to inspect relevant contracts with suppliers of IT services that involve the use of personal data held by his Department in order to check whether all appropriate arrangements in relation to the Data Protection Act 1984 have been made, and whether such contracts make provisions for the registrar to make random inspections in order to check the suppliers' compliance in with the eighth data protection principle.
§ Sir John WheelerThe Data Protection Registrar has a wide range of powers under the Data Protection Act 1984, to ensure that the individuals and organisations holding personal data on computer systems are registered and observe the data protection principles as required by the Act, unless the data are exempt. When IT services are contracted out, the data protection principles and the registrar's powers to promote compliance with them, apply to both the owner of personal data and the service provider. It is for the registrar to decide how he will use his powers under the Act, and I do not consider that any further arrangements are necessary for him to discharge his duties effectively.