Debates between Baroness Twycross and Lord Evans of Rainow during the 2024 Parliament

Public Procurement: Data Offshoring

Debate between Baroness Twycross and Lord Evans of Rainow
Tuesday 8th October 2024

(1 month, 2 weeks ago)

Lords Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Evans of Rainow Portrait Lord Evans of Rainow
- Hansard - - - Excerpts

To ask His Majesty’s Government what assessment they have made of public bodies and services, including the NHS Digital app, procuring professional services through processes which purport to be “onshoring” to firms which contract third parties outside the United Kingdom to do the work; and what assessment they have made of the risk this poses to private data and cybersecurity.

Baroness Twycross Portrait The Parliamentary Under-Secretary of State, Department for Culture, Media and Sport (Baroness Twycross) (Lab)
- View Speech - Hansard - -

Each contracting authority carefully considers and makes risk-based decisions on whether, and where, data can be offshored, and what restrictions are appropriate for service delivery and development activities. The new standard security schedules for all central government contracts, published on 1 October 2024, include greater controls over data offshoring and stronger security requirements. Buyers also have greater transparency over where, and how, their data is hosted and processed, and stronger remedies where suppliers do not follow buyers’ requirements. Outsourcing contracts also contain complementary provisions on the offshoring of this personal data under GDPR.

Lord Evans of Rainow Portrait Lord Evans of Rainow (Con)
- View Speech - Hansard - - - Excerpts

I thank the Minister for her reply. NHS Digital has contracted with Splunk, which subcontracts to the Bulgarian company Bright Consulting. This practice, which Splunk refers to as “onshoring”, began during the Covid-19 pandemic and continues to this day. Can the Minister reassure the House that under this practice of onshoring to third-party non-UK-based companies patient data really is safe? Is the taxpayer getting value for money by paying UK rates to a company that outsources the work for a considerable margin?

Baroness Twycross Portrait Baroness Twycross (Lab)
- View Speech - Hansard - -

The government model services contract is one of three template contracts for use by government departments and wider government when procuring complex outsourced services. Value for money for taxpayers is central to good government procurement. The Government recognise the potential risk of data offshoring taking place without the explicit consent of public sector buyers. New standard security schedules for all government contracts include greater controls over data offshoring and stronger security requirements.