UK Parliament 'has visibility' of its data on Microsoft servers

Director of ICT, Joan Miller, suggests that Microsoft would breach contract if data was moved outside of EU

UK Parliament has visibility of its data on Microsoft servers, according to the organisation's outgoing director of ICT, Joan Miller.

Miller was speaking at Computing's Enterprise Security and Risk Management Summit in London today, where she told delegates that the organisation had insisted in its contract with Microsoft that it would know where its data was at all times.

Last year, she said that the risk posed by the US Patriot Act meant that the Houses of Parliament would need to make contractual agreements with Microsoft to ensure that sensitive data sits in Europe.

Today, she said that if Microsoft had moved the data out of Europe without notifying Parliament, then this would constitute a breach of the contract.

The migration project has still not been completed, with two-thirds of the Parliament's 7,000 staff having been migrated to Office 365. But Miller said that Microsoft has been "very flexible".

"They've understood our hesitations about data sovereignty, security and governance," she said.

Miller suggested that the move to Microsoft could be labelled a success, but suggested that the organisation has had less success with other cloud providers.

"We had an outage; and the provider, which I cannot name, made an error of judgement which cost them money and us reputation. Because of the complexity of our cloud contracts it took us a while to work out which supplier was responsible - we had asked them if it was them but they said it wasn't.

"When we investigated ourselves and found that it was them, they were responsive," she said.

But Miller was not happy with this service.

"As long as we couldn't prove it, it wasn't something they would work on and that is not a good relationship, so we've changed the basis of the contract now," she said.