HC Deb 11 May 1999 vol 331 cc119-20W
Mr. Cohen

To ask the Secretary of State for Foreign and Commonwealth Affairs if(a) GCHQ are promoting the wider use of the encryption services by offering specialised IT security courses, (b) personal data are required to be processed with respect to that promotion and (c) he will make a statement on his Department's application of the provisions of the Data Protection Acts to such processing. [83792]

Mr. Robin Cook

GCHQ's Communications-Electronics Security Group (CESG) offer IT security courses which are designed to match the stated training and awareness needs of government departments and other customers. CESG is the government expert on cryptography and can be approached by official departments should advice be needed.

CESG is a technical authority and its courses make no specific recommendations about personal data as such. The actual type and degree of protection to be afforded to personal data, along with all forms of data handled by the government, is determined by relevant legislation and Cabinet Office guidance. CESG is currently working with CITU and other departments to provide design consultancy and design services that can help protect personal data in the context of modernising government.

It is current policy that any personal data held or processed by the intelligence agencies, in accordance with their respective functions set out in the Intelligence Services Act 1994, are exempt from the relevant provisions of the Data Protection Act 1984 in order to safeguard national security.