Question

To ask the hon. Member for Caithness, Sutherland and Easter Ross representing the House of Commons Commission, who within the House is accountable for data security.

The Clerk of the House is responsible for data security for the House of Commons Service. As Data Controller, the Clerk is obliged by law to process personal data fairly, lawfully and in accordance with the data protection principles of the Data Protection Act 1998.

The Clerk of the House delegates actions relating to data security as follows:

The Senior Information Risk Owner (SIRO), the Director General, Human Resources and Change, is the member of the House of Commons Management Board responsible for managing information risk. He oversees information security policy for the House of Commons.

The Director of Parliamentary Information and Communications Technology (D/PICT) has overall Management Board-level responsibility in both Houses for implementing the ICT strategy for Parliament and for providing both Boards with technical security advice. She is responsible for the specification, procurement, operation, security and maintenance of the electronic systems on which the great majority of Parliament's information is communicated, stored and handled and for providing officials and staff with training and support on their use.

The Parliamentary Security Director advises the SIROs in both Houses and gives strategic and policy direction to D/PICT on cyber security.

Members are the data controllers for all personal data that is handled by their offices and they have responsibility for ensuring that this is done in accordance with the Data Protection Act.