Parliament: Data Protection

The Lord Chairman of Committees written question – answered on 13th February 2015.

Alert me about debates like this

Photo of Lord Laird Lord Laird Non-affiliated

To ask the Chairman of Committees, further to the Written Answers by Lord Bates on 19 January (HL4242 and HL4243), why it was decided to store parliamentary data on Microsoft servers in the Netherlands and the Republic of Ireland; and whether any attempt by the United States authorities to access those records will be made on a mutual legal assistance basis.

Photo of Lord Sewel Lord Sewel Chair, Administration and Works Committee (Lords), Chair, Freedom of Information Advisory Panel (Lords), Chair, Hybrid Instruments Committee (Lords), Chair, Liaison Committee (Lords), Chair, Committee for Privileges and Conduct (Lords), Chair, Procedure and Privileges Committee, Chair, Refreshment Committee (Lords), Chair, Committee of Selection (Lords), Chair, Standing Orders (Private Bills) Committee (Lords), Chair, Accommodation Steering Group Committee, Chair, Sub-Committee on Leave of Absence, Chairman of Committees, House of Lords, Deputy Speaker (Lords), Chair, Hybrid Instruments Committee (Lords), Chair, Liaison Committee (Lords), Chair, Procedure and Privileges Committee, Chair, Committee of Selection (Lords), Chair, Standing Orders (Private Bills) Committee (Lords), Chair, Administration and Works Committee (Lords), Chair, Administration and Works Committee (Lords), Chair, Administration and Works Committee (Lords), Chair, Committee for Privileges and Conduct (Lords), Chair, Refreshment Committee (Lords)

The move to Office 365, which necessitated the storage of parliamentary data on Microsoft servers, was a core part of Parliament’s ICT Strategy to deliver improved services, connecting Members to the information that they need from anywhere, at any time and from any device.

Parliamentary ICT worked in collaboration with the Parliamentary Security Director, the Senior Information Risk Owners of both Houses, counsel, other parties and the supplier to assess the risks of the proposed new arrangements. Any risks in relation to conventional cyber-attacks were assessed to be sufficiently mitigated and the risk of potential cross jurisdictional action was considered to be negligible (for example, under the USA PATRIOT Act) given the reassurances that were received.

It would not be for me to comment on possible or actual activities of another country’s authorities.

Does this answer the above question?

Yes0 people think so

No0 people think not

Would you like to ask a question like this yourself? Use our Freedom of Information site.