To ask the Chairman of Committees, further to the Written Answers by Lord Bates on 19 January (HL4242 and HL4243), why it was decided to store parliamentary data on Microsoft servers in the Netherlands and the Republic of Ireland; and whether any attempt by the United States authorities to access those records will be made on a mutual legal assistance basis.
The move to Office 365, which necessitated the storage of parliamentary data on Microsoft servers, was a core part of Parliament’s ICT Strategy to deliver improved services, connecting Members to the information that they need from anywhere, at any time and from any device.
Parliamentary ICT worked in collaboration with the Parliamentary Security Director, the Senior Information Risk Owners of both Houses, counsel, other parties and the supplier to assess the risks of the proposed new arrangements. Any risks in relation to conventional cyber-attacks were assessed to be sufficiently mitigated and the risk of potential cross jurisdictional action was considered to be negligible (for example, under the USA PATRIOT Act) given the reassurances that were received.
It would not be for me to comment on possible or actual activities of another country’s authorities.