The official version of this document can be found via the PDF button.
The below content has been automatically generated from the original PDF and some formatting may have been lost, therefore it should not be relied upon to extract citations or propose amendments.
1240/5(8403)
WRITTEN QUESTION TO H.M. ATTORNEY GENERAL BY DEPUTY T.A. VALLOIS OF ST. SAVIOUR
ANSWER TO BE TABLED ON MONDAY 30th JUNE 2014
Question
Will H.M. Attorney General clarify, with reference to recommendation 5 of the Comptroller and Auditor General's (C & AG) report R.77/2013 (Public Audit in Jersey') the full extent of the C&AG's existing legal powers to access computers in the execution of her statutory duties and, in particular, whether those existing powers would permit access for the purposes of assessing the operation of computer systems including standards of information security?
Answer
The relevant part of recommendation 5 of the C & AG's ReportR77/2013 stated that where a legislative opportunity arises, specific provision about rights of access to computers should be made.
The C & AG's existing legal powers are contained in the Public Finances (Jersey) Law 2005 (the Law).
Article 46 of the Law imposes a duty on the C & AG to provide the States with independent assurance that the public finances of Jersey are being regulated, controlled and accounted for in accordance with the Law. This provision is drafted in broad terms but also makes reference to particular duties, and how the requirement is taken to apply to States funded bodies and independently audited States bodies.
For the purpose of performing these functions the C & AG has statutory powers. Article 55 of the Law enables the C & AG to summons a person to produce a specified record, or to require a person who has access to a record to provide the information contained in it. Article 56 of the Law enables the C & AG to enter a building or other premises and while there inspect any records.
The meaning of "record" for the purposes of the Law is "information recorded in any form and, in relation to information recorded otherwise than in legible form, a reference to its provision or production includes a reference to providing or producing a copy of the information in legible form". Information recorded in "any form" includes electronic records whether those are held on computers, USB drives, discs, or in any new format that may be developed in the future.
In my opinion, these statutory powers could be relied on where the C & AG, for the purpose of regulating, controlling and accounting for the public finances of Jersey, needs to access the records on a States computer system to assess whether the way the system operates and its standards of information security are adequate.
Where technical expertise would be required, the C & AG could authorize others to carry out her functions in accordance with the Public Finances (Transitional Provisions) (No.2) (Jersey) Regulations 2005.