§ Mr. LidingtonTo ask the Secretary of State for Health what changes she has authorised in the access arrangements to the Office of Population Censuses and Surveys' computers.
§ Mr. SackvilleThe British Computer Society reviewed the confidentiality and computing arrangements for the 813W 1991 census, and its report was published in a White Paper in 1991, Cm 1447, copies of which are available in the Library. The society's report commended the arrangements that had been made to secure the processing of the census, but also recognised that significant changes to computer access mechanisms and procedures would take place in the 1990s. The Office of Population, Censuses and Surveys also recognised that advances in information technology would provide opportunities to improve the availability of the wide range of statistical information which it holds. The society's report had recommended a further review after the main census processing was complete. In 1993, the Registrar-General commissioned such a review from Insight Consulting, who are independent security consultants. In the light of their report, I have agreed, in principle, that information which OPCS would normally provide to central Government agencies by other means—and only that information—may also be directly accessible to them on the OPCS mainframe computer. For other users, information may be directly accessible only from a separate computer not connected to the OPCS mainframe.
In addition, the Registrar-General has engaged Secure Information Systems Ltd. to advise on technical and management issues. With their help, arrangements are being put in place to guard against unauthorised access to personal information held on OPCS's computers.
I have also agreed that, if the results of market testing require this, and subject to the passage of the Deregulation and Contracting Out Bill, data managed by OPCS may be processed by contractors, either on OPCS's computers or elsewhere. Any such contractors will be subject to the same stringent confidentiality requirements as OPCS's own staff.
The Registrar-General and I are confident that the precautions taken will enable OPCS to provide a welcome increase in the availability of information while continuing to manage the data in its care in accordance with best practice, to maintain security and confidentiality of those data, to meet fully the provisions of data protection legislation, to honour the guarantees of confidentiality of personal information, and to comply with its published statement of policies on the security and confidentiality of personal information.