Question to the Ministry of Justice:

To ask the Secretary of State for Justice, what steps he is taking to ensure that the special category level of personal data held by his Department is protected.

The Ministry of Justice (MoJ) takes its data protection responsibilities very seriously. The Department has a well-resourced and knowledgeable Data Protection Team led by an experienced and certified Data Protection Officer (DPO). We have a departmental data protection strategy providing a framework which enables the lawful use of personal data.

The Department delivers regular training which is bespoke to roles which involve the processing of personal information, including special category data. All staff are required to undertake information handling training. The Department has a policy governance framework in place and conducts regular audits to check that our policies and procedures are effective.

The Department continues to foster a culture which promotes good data protection and security principles. The Data Protection Team also works with the Cross Government Data Protection Committee to share learning, best practice and recommendations. This approach has been endorsed by the Information Commissioner’s Office (ICO).

The department has a range of security policies, standards, and guidance material which staff, contractors and suppliers are obliged to follow. These define the security requirements that systems which process MoJ information, including special category information, must include to ensure it is properly protected at all times.