The Central Digital and Data Office, in the Cabinet Office, sets the policy and leads the cross-government approach to the safe, ethical, legal and secure sharing of government data. They work with the Government Security Group, who also lead on the topic of Supply Chain Security.<\/p>
<\/strong><\/p> When sharing personal data with third party organisations, departments must make sure data is used fairly, lawfully and transparently, in compliance with the data protection principles set in UK GDPR and the Data Protection Act 2018. This includes having the requisite data protection controls and governance in place and working with vendors and partners to identify and remediate any risks. All government contracts with suppliers must consider the security of all information and set expectations for how it should be protected.<\/p> <\/strong><\/p> Departments are responsible for managing their security risks, including the risks to their information that is held and processed by authorised third-parties. The Government Security Standard, local security policies and assurance frameworks such as the Cyber Assessment Framework set out how they should do this. These frameworks and good practice have been collaboratively developed by the Cabinet Office, the National Cyber Security Centre and Departments themselves.<\/p> <\/p>"}
, "answeringMember" : {"_about" : "http://data.parliament.uk/members/4613", "label" : {"_value" : "Biography information for Alex Burghart"}
}
, "answeringMemberConstituency" : {"_value" : "Brentwood and Ongar"}
, "answeringMemberPrinted" : {"_value" : "Alex Burghart"}
, "dateOfAnswer" : {"_value" : "2024-02-13", "_datatype" : "dateTime"}
, "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"}
, "questionFirstAnswered" : [{"_value" : "2024-02-13T15:52:28.62Z", "_datatype" : "dateTime"}
]}
, "answeringDeptId" : {"_value" : "53"}
, "answeringDeptShortName" : {"_value" : "Cabinet Office"}
, "answeringDeptSortName" : {"_value" : "Cabinet Office"}
, "date" : {"_value" : "2024-02-05", "_datatype" : "dateTime"}
, "hansardHeading" : {"_value" : "Government Departments: Data Protection"}
, "houseId" : {"_value" : "1"}
, "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"}
}
], "questionText" : "To ask the Minister for the Cabinet Office, what steps his Department is taking to ensure that Government data which is shared with third-party organisations is protected.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"}
, "tablingMember" : {"_about" : "http://data.parliament.uk/members/4518", "label" : {"_value" : "Biography information for Tulip Siddiq"}
}
, "tablingMemberConstituency" : {"_value" : "Hampstead and Kilburn"}
, "tablingMemberPrinted" : [{"_value" : "Tulip Siddiq"}
], "uin" : "13006"}
, {"_about" : "http://data.parliament.uk/resources/1669094", "AnsweringBody" : [{"_value" : "Cabinet Office"}
], "answer" : {"_about" : "http://data.parliament.uk/resources/1669094/answer", "answerText" : {"_value" : " The Central Digital and Data Office (CDDO), in the Cabinet Office, is responsible for the Government\u2019s Cloud strategy and for advising government departments on Cloud.<\/p> CDDO has a quarterly data commissioning process that collects metrics across a number of strategic areas including cloud adoption. Central government organisations report their estimated percentage of technology assets hosted on cloud. Further to this, CDDO operates the Quarterly Business Review, a joint Cabinet Office-HM Treasury assurance review of departmental delivery that allows CDDO to query departmental progress on implementing cloud first adoption.<\/p> <\/p>"}
, "answeringMember" : {"_about" : "http://data.parliament.uk/members/4613", "label" : {"_value" : "Biography information for Alex Burghart"}
}
, "answeringMemberConstituency" : {"_value" : "Brentwood and Ongar"}
, "answeringMemberPrinted" : {"_value" : "Alex Burghart"}
, "dateOfAnswer" : {"_value" : "2023-11-17", "_datatype" : "dateTime"}
, "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"}
, "questionFirstAnswered" : [{"_value" : "2023-11-17T12:10:25.91Z", "_datatype" : "dateTime"}
]}
, "answeringDeptId" : {"_value" : "53"}
, "answeringDeptShortName" : {"_value" : "Cabinet Office"}
, "answeringDeptSortName" : {"_value" : "Cabinet Office"}
, "date" : {"_value" : "2023-11-09", "_datatype" : "dateTime"}
, "hansardHeading" : {"_value" : "Government Departments: Data Protection"}
, "houseId" : {"_value" : "1"}
, "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"}
}
], "questionText" : "To ask the Minister for the Cabinet Office, what assessment his Department has made of the effectiveness of cross-departmental implementation of the Government Cloud First policy.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"}
, "tablingMember" : {"_about" : "http://data.parliament.uk/members/4093", "label" : {"_value" : "Biography information for Stephen McPartland"}
}
, "tablingMemberConstituency" : {"_value" : "Stevenage"}
, "tablingMemberPrinted" : [{"_value" : "Stephen McPartland"}
], "uin" : "1121"}
, {"_about" : "http://data.parliament.uk/resources/1643504", "AnsweringBody" : [{"_value" : "Cabinet Office"}
], "answer" : {"_about" : "http://data.parliament.uk/resources/1643504/answer", "answerText" : {"_value" : " Information classified as SECRET or above, should only be managed on appropriately encrypted devices. Such devices are secured by robust physical, procedural and personnel security measures. In addition, any encrypted devices that provide for access to SECRET information are also architected to mitigate the risk of theft or loss.<\/p> <\/p>"}
, "answeringMember" : {"_about" : "http://data.parliament.uk/members/4507", "label" : {"_value" : "Biography information for Sir Jeremy Quin"}
}
, "answeringMemberConstituency" : {"_value" : "Horsham"}
, "answeringMemberPrinted" : {"_value" : "Jeremy Quin"}
, "dateOfAnswer" : {"_value" : "2023-06-19", "_datatype" : "dateTime"}
, "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"}
, "questionFirstAnswered" : [{"_value" : "2023-06-19T14:59:21.2Z", "_datatype" : "dateTime"}
]}
, "answeringDeptId" : {"_value" : "53"}
, "answeringDeptShortName" : {"_value" : "Cabinet Office"}
, "answeringDeptSortName" : {"_value" : "Cabinet Office"}
, "date" : {"_value" : "2023-06-09", "_datatype" : "dateTime"}
, "hansardHeading" : {"_value" : "Government Departments: Data Protection"}
, "houseId" : {"_value" : "1"}
, "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"}
}
], "questionText" : "To ask the Minister for the Cabinet Office, what steps his Department is taking to protect information classified as secret or above in the event of the theft of a Government electronic device.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"}
, "tablingMember" : {"_about" : "http://data.parliament.uk/members/4638", "label" : {"_value" : "Biography information for Mr Tanmanjeet Singh Dhesi"}
}
, "tablingMemberConstituency" : {"_value" : "Slough"}
, "tablingMemberPrinted" : [{"_value" : "Mr Tanmanjeet Singh Dhesi"}
], "uin" : "188786"}
, {"_about" : "http://data.parliament.uk/resources/1524406", "AnsweringBody" : [{"_value" : "Cabinet Office"}
], "answer" : {"_about" : "http://data.parliament.uk/resources/1524406/answer", "answerText" : {"_value" : " The Government takes matters of security very seriously. Government Departments routinely provide advice and guidance, including to ministers, on the appropriate handling of Government information.<\/p> <\/p>"}
, "answeringMember" : {"_about" : "http://data.parliament.uk/members/4503", "label" : {"_value" : "Biography information for Chris Philp"}
}
, "answeringMemberConstituency" : {"_value" : "Croydon South"}
, "answeringMemberPrinted" : {"_value" : "Chris Philp"}
, "dateOfAnswer" : {"_value" : "2022-10-25", "_datatype" : "dateTime"}
, "groupedQuestionUIN" : {"_value" : "67274"}
, "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"}
, "questionFirstAnswered" : [{"_value" : "2022-10-25T11:34:09.85Z", "_datatype" : "dateTime"}
]}
, "answeringDeptId" : {"_value" : "53"}
, "answeringDeptShortName" : {"_value" : "Cabinet Office"}
, "answeringDeptSortName" : {"_value" : "Cabinet Office"}
, "date" : {"_value" : "2022-10-19", "_datatype" : "dateTime"}
, "hansardHeading" : {"_value" : "Government Departments: Data Protection"}
, "houseId" : {"_value" : "1"}
, "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"}
}
], "questionText" : "To ask the Minister for the Cabinet Office, what steps the Government is taking to ensure all official-sensitive documents are not distributed via personal channels.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"}
, "tablingMember" : {"_about" : "http://data.parliament.uk/members/4870", "label" : {"_value" : "Biography information for Florence Eshalomi"}
}
, "tablingMemberConstituency" : {"_value" : "Vauxhall"}
, "tablingMemberPrinted" : [{"_value" : "Florence Eshalomi"}
], "uin" : "67273"}
, {"_about" : "http://data.parliament.uk/resources/1524408", "AnsweringBody" : [{"_value" : "Cabinet Office"}
], "answer" : {"_about" : "http://data.parliament.uk/resources/1524408/answer", "answerText" : {"_value" : " The Government takes matters of security very seriously. Government Departments routinely provide advice and guidance, including to ministers, on the appropriate handling of Government information.<\/p> <\/p>"}
, "answeringMember" : {"_about" : "http://data.parliament.uk/members/4503", "label" : {"_value" : "Biography information for Chris Philp"}
}
, "answeringMemberConstituency" : {"_value" : "Croydon South"}
, "answeringMemberPrinted" : {"_value" : "Chris Philp"}
, "dateOfAnswer" : {"_value" : "2022-10-25", "_datatype" : "dateTime"}
, "groupedQuestionUIN" : {"_value" : "67273"}
, "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"}
, "questionFirstAnswered" : [{"_value" : "2022-10-25T11:34:09.883Z", "_datatype" : "dateTime"}
]}
, "answeringDeptId" : {"_value" : "53"}
, "answeringDeptShortName" : {"_value" : "Cabinet Office"}
, "answeringDeptSortName" : {"_value" : "Cabinet Office"}
, "date" : {"_value" : "2022-10-19", "_datatype" : "dateTime"}
, "hansardHeading" : {"_value" : "Government Departments: Data Protection"}
, "houseId" : {"_value" : "1"}
, "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"}
}
], "questionText" : "To ask the Minister for the Cabinet Office, what steps the Government is taking to ensure Ministers follow security procedures when dealing with official documents.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"}
, "tablingMember" : {"_about" : "http://data.parliament.uk/members/4870", "label" : {"_value" : "Biography information for Florence Eshalomi"}
}
, "tablingMemberConstituency" : {"_value" : "Vauxhall"}
, "tablingMemberPrinted" : [{"_value" : "Florence Eshalomi"}
], "uin" : "67274"}
, {"_about" : "http://data.parliament.uk/resources/1333902", "AnsweringBody" : [{"_value" : "Cabinet Office"}
], "answer" : {"_about" : "http://data.parliament.uk/resources/1333902/answer", "answerText" : {"_value" : " The Government acts in accordance with the Code of Practice on the management of records issued under section 46 of the Freedom of Information Act 2000.<\/p> <\/p> This includes advice on the disposal of ephemeral information and how to keep records needed for business, regulatory, legal and accountability purposes.<\/p> <\/p> The Government is reviewing how guidance can be updated to reflect contemporary information management practice in the modern digital working environment.<\/p> <\/p>"}
, "answeringMember" : {"_about" : "http://data.parliament.uk/members/4200", "label" : {"_value" : "Biography information for Lord True"}
}
, "answeringMemberPrinted" : {"_value" : "Lord True"}
, "dateOfAnswer" : {"_value" : "2021-06-28", "_datatype" : "dateTime"}
, "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"}
, "questionFirstAnswered" : [{"_value" : "2021-06-28T16:15:14.563Z", "_datatype" : "dateTime"}
]}
, "answeringDeptId" : {"_value" : "53"}
, "answeringDeptShortName" : {"_value" : "Cabinet Office"}
, "answeringDeptSortName" : {"_value" : "Cabinet Office"}
, "date" : {"_value" : "2021-06-14", "_datatype" : "dateTime"}
, "hansardHeading" : {"_value" : "Government Departments: Data Protection"}
, "houseId" : {"_value" : "2"}
, "legislature" : [{"_about" : "http://data.parliament.uk/terms/25277", "prefLabel" : {"_value" : "House of Lords"}
}
], "questionText" : "To ask Her Majesty's Government what is their policy for theĀ use of self-destructing messages in communications with Government departments where no record of these messages is retained.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"}
, "tablingMember" : {"_about" : "http://data.parliament.uk/members/2024", "label" : {"_value" : "Biography information for Lord Hunt of Kings Heath"}
}
, "tablingMemberPrinted" : [{"_value" : "Lord Hunt of Kings Heath"}
], "uin" : "HL1065"}
, {"_about" : "http://data.parliament.uk/resources/1307870", "AnsweringBody" : [{"_value" : "Department for Digital, Culture, Media and Sport"}
], "answer" : {"_about" : "http://data.parliament.uk/resources/1307870/answer", "answerText" : {"_value" : " The audit referred to in the question was a specific audit by the Information Commissioner\u2019s Office (ICO) of the Department for Education (DfE). The DfE has been working closely with the ICO since the audit was undertaken in February 2020 to address all the recommendations and published its formal response in January 2021 in the House Library, paper reference DEP2021-0072.<\/p> <\/strong><\/p> The work being done by DfE in partnership with the ICO to address the audit recommendations, particularly around data sharing policy and strategy, will support good practice across the public, private and third sectors, in line with the aims of the National Data Strategy.<\/p> <\/p>"}
, "answeringMember" : {"_about" : "http://data.parliament.uk/members/39", "label" : {"_value" : "Biography information for Sir John Whittingdale"}
}
, "answeringMemberConstituency" : {"_value" : "Maldon"}
, "answeringMemberPrinted" : {"_value" : "Mr John Whittingdale"}
, "dateOfAnswer" : {"_value" : "2021-04-20", "_datatype" : "dateTime"}
, "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"}
, "questionFirstAnswered" : [{"_value" : "2021-04-20T10:28:33.997Z", "_datatype" : "dateTime"}
]}
, "answeringDeptId" : {"_value" : "10"}
, "answeringDeptShortName" : {"_value" : "Digital, Culture, Media and Sport"}
, "answeringDeptSortName" : {"_value" : "Digital, Culture, Media and Sport"}
, "date" : {"_value" : "2021-04-12", "_datatype" : "dateTime"}
, "hansardHeading" : {"_value" : "Government Departments: Data Protection"}
, "houseId" : {"_value" : "1"}
, "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"}
}
], "questionText" : "To ask the Secretary of State for Digital, Culture, Media and Sport, which of the 139 recommendations identified in the Information Commissioner's Office audit of Government departments will be included as part of the National Data Strategy.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"}
, "tablingMember" : {"_about" : "http://data.parliament.uk/members/4769", "label" : {"_value" : "Biography information for Daisy Cooper"}
}
, "tablingMemberConstituency" : {"_value" : "St Albans"}
, "tablingMemberPrinted" : [{"_value" : "Daisy Cooper"}
], "uin" : "179577"}
, {"_about" : "http://data.parliament.uk/resources/1305113", "AnsweringBody" : [{"_value" : "Cabinet Office"}
], "answer" : {"_about" : "http://data.parliament.uk/resources/1305113/answer", "answerText" : {"_value" : " Regulation 32 of the Public Contracts Regulations 2015 sets out the grounds in which contracting authorities can procure goods, services and works with extreme urgency in exceptional circumstances. In our recently published Green Paper, we have set out our proposals to clarify these rules, learning from the experience in the pandemic.<\/p> The process of implementing the Boardman recommendations began immediately, and the programme is being assured by the Cabinet Office Audit and Risk Committee. We committed to provide an update on implementation six months after publication.<\/p> All G-Cloud suppliers must publicly show their security certifications, standards and approach to personnel security on the Digital Marketplace. Suppliers must also maintain physical and IT security that follows good industry practice to ensure there is no unauthorised access to any confidential information and data. Along with this, suppliers must inform Crown Commercial Service of any data breaches within 48 hours and Crown Commercial Service has the power to undertake security audits of suppliers.<\/p> Transforming Government Procurement will make it easier to take into account issues relating to workplace rights and protections through aligning the value for money definition with that of the Green Book, and removing in certain circumstances the need for wider policy considerations to be linked to the subject matter of the contract.<\/p>"}
, "answeringMember" : {"_about" : "http://data.parliament.uk/members/4647", "label" : {"_value" : "Biography information for Julia Lopez"}
}
, "answeringMemberConstituency" : {"_value" : "Hornchurch and Upminster"}
, "answeringMemberPrinted" : {"_value" : "Julia Lopez"}
, "dateOfAnswer" : {"_value" : "2021-04-13", "_datatype" : "dateTime"}
, "groupedQuestionUIN" : [{"_value" : "174282"}
, {"_value" : "174284"}
], "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"}
, "questionFirstAnswered" : [{"_value" : "2021-04-13T12:22:29.41Z", "_datatype" : "dateTime"}
]}
, "answeringDeptId" : {"_value" : "53"}
, "answeringDeptShortName" : {"_value" : "Cabinet Office"}
, "answeringDeptSortName" : {"_value" : "Cabinet Office"}
, "date" : {"_value" : "2021-03-23", "_datatype" : "dateTime"}
, "hansardHeading" : {"_value" : "Government Departments: Data Protection"}
, "houseId" : {"_value" : "1"}
, "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"}
}
], "questionText" : "To ask the Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, what steps the Government is taking to prevent data breaches when awarding contracts for cloud services to multi-national corporations.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"}
, "tablingMember" : {"_about" : "http://data.parliament.uk/members/4788", "label" : {"_value" : "Biography information for Fleur Anderson"}
}
, "tablingMemberConstituency" : {"_value" : "Putney"}
, "tablingMemberPrinted" : [{"_value" : "Fleur Anderson"}
], "uin" : "174285"}
, {"_about" : "http://data.parliament.uk/resources/1231323", "AnsweringBody" : [{"_value" : "Department for Digital, Culture, Media and Sport"}
], "answer" : {"_about" : "http://data.parliament.uk/resources/1231323/answer", "answerText" : {"_value" : " The Information Commissioner\u2019s Office is an independent public body and is the UK\u2019s independent regulator for data protection and freedom of information. The UK Government does not speak on its behalf.<\/p> Information on the powers available to the Information Commissioner and how they are used is available in the Regulatory Action Policy<\/a> published on the Information Commissioner\u2019s Office website. The ICO will consider any complaints from individuals that are concerned about their rights in connection with international transfers.<\/p> The UK Government\u2019s statement on the Schrems II judgment is available on Gov.UK<\/a> and the Information Commissioner\u2019s Office have published their most recent statement<\/a> on their website, which sets out the approach to be taken following the Schrems II judgement.<\/strong><\/p>"}
, "answeringMember" : {"_about" : "http://data.parliament.uk/members/4703", "label" : {"_value" : "Biography information for Baroness Barran"}
}
, "answeringMemberPrinted" : {"_value" : "Baroness Barran"}
, "attachment" : {"_about" : "http://data.parliament.uk/resources/1231323/answer/attachment/1", "fileName" : {"_value" : "Regulatory Action Policy.pdf"}
, "title" : "Regulatory Action Policy"}
, "dateOfAnswer" : {"_value" : "2020-09-11", "_datatype" : "dateTime"}
, "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"}
, "questionFirstAnswered" : [{"_value" : "2020-09-11T13:32:55.327Z", "_datatype" : "dateTime"}
]}
, "answeringDeptId" : {"_value" : "10"}
, "answeringDeptShortName" : {"_value" : "Digital, Culture, Media and Sport"}
, "answeringDeptSortName" : {"_value" : "Digital, Culture, Media and Sport"}
, "date" : {"_value" : "2020-09-03", "_datatype" : "dateTime"}
, "hansardHeading" : {"_value" : "Government Departments: Data Protection"}
, "houseId" : {"_value" : "2"}
, "legislature" : [{"_about" : "http://data.parliament.uk/terms/25277", "prefLabel" : {"_value" : "House of Lords"}
}
], "questionText" : "To ask Her Majesty's Government what action the Information Commissioner's Office will be taking against misleading statements given by international cloud providers about the security of UK data on their platforms following the following the judgment by the European Court of Justice in the Schrems II case.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"}
, "tablingMember" : {"_about" : "http://data.parliament.uk/members/3396", "label" : {"_value" : "Biography information for Lord Clement-Jones"}
}
, "tablingMemberPrinted" : [{"_value" : "Lord Clement-Jones"}
], "uin" : "HL7761"}
, {"_about" : "http://data.parliament.uk/resources/1149071", "AnsweringBody" : [{"_value" : "Cabinet Office"}
], "answer" : {"_about" : "http://data.parliament.uk/resources/1149071/answer", "answerText" : {"_value" : "