§ Mr. BellinghamTo ask the Secretary of State for Trade and Industry (1) what research her Department has conducted into the security implications of call centres being outsourced to other countries; and if she will make a statement; [185456]
(2) what representations have been made to her Department by representatives of British industry regarding security concerns which have arisen from outsourcing call centres from the UK. [185455]
§ Ms HewittCompanies wanting to transfer personal data from the UK to other countries must comply with the Data Protection Act's requirements, including its eight rules of good information handling known as the Data Protection Principles.
Where a company overseas is processing personal data under contract to a company in the UK, the UK Company, as controller of the data, retains full responsibility for the actions of the second company. This situation applies whether the processing is being carried out in the UK or abroad.
Responsibility for administering and enforcing the Act lies with the Information Commissioner, Richard Thomas, who carries out these duties independently of the Government. Any directly affected person who believes that one of the Act's requirements has been broken can ask the Commissioner to assess whether this is the case. If he concludes that there has been a significant breach, it is open to him to take enforcement action against the organisation concerned. To date, the 754W Information Commissioner has not received any substantive complaints that the Act has been breached as a result of the offshoring of call centre work.