Skip to content

About Statistics & Research

Statement on confidentiality and data access

This explains how we keep the data we use to underpin official statistics secure, respect individuals' rights to privacy and enable other people to use our data.

This Statement is issued in conformance with the requirements set out in Principle 5: Confidentiality of the Code of Practice for Official Statistics (external link).

It sets out the arrangements we have put in place to:

  • protect the security of our data holdings and uphold our guarantee that no statistics will be produced that are likely to identify an individual unless specifically agreed with them
  • while at the same time; obtaining maximum value from these micro-data, once obtained, by extending access to bona fide and authorised third parties.

Summary

The Welsh Government Statistical Services and Social Research divisions hold and process various data which are sensitive because they are either personal or commercially sensitive.

Specific measures are taken to preserve their confidentiality and security:

  • legislation and codes of practice governing the collection, storage and use of confidential data are strictly observed
  • statistics are not published or otherwise released unless the risk to confidentiality is minimised
  • staff members receive appropriate training in information  security measures, and in the importance of accessing confidential data appropriately, and only when necessary
  • data access arrangements must be signed by any external researchers and contractors who may be allowed access to confidential data, while confidentiality declarations are made by internal colleagues who work outside the Welsh Government Statistics and Research team
  • all confidentiality undertakings are respected when data are received from other organisations.

Information security

The Welsh Government Statistics and Research team aims to ensure that it has the required policies, systems and culture in place in order to meet international standards on information security management systems.

Staff members receive appropriate training in IT security measures including the mandatory “Protecting Information” course developed by the Cabinet Office and Civil Service Learning.

The Welsh Government has designated Information Asset Owners for each Director General, and via the means of quarterly internal control returns to a senior officer, each has responsibility for:

  • identifying and recording information assets
  • ensuring staff who manage information assets in the Department are appropriately trained
  • managing risk relating to information assets
  • ensuring information passed to third party suppliers and third party suppliers managing any of our information are aware of their responsibilities.

The Information Asset Owner for The Welsh Government Statistics and Research team is the Chief Statistician, who is supported in this role by the Head of Data Collection.

Organisational protocols

All staff working in this organisation and all visitors to its sites require a pass to access the premises. There is no public access to any part of the organisation where confidential statistical data may be held.

We maintain a Public Services Network (PSN). No sensitive or confidential statistical data are held on laptops or any other portable devices or kept on unencrypted portable storage media. All transmission of data pertaining to individuals, households or businesses is conducted within the PSN or else shared via authorised secure channels, such as the PSN, Egress Switch, PGP software and secure web-portals.

We use a combination of survey project managers and data managers (sometimes referred to as data custodians) to protect and maintain our data and Welsh Government Statistics and Research team staff are trained in the importance of accessing confidential data appropriately, and only when necessary.  Further, and as recommended in the “National Statistician’s guidance: Confidentiality of Official Statistics” (external link) we use the Declaration of Confidentiality when sharing individual or personal data with non-Welsh Government Statistics and Research staff within the organisation.

Fair processing notices are used for relevant data collections to ensure data subjects and suppliers are aware of the purposes of the collection and how their data will be used.

We regularly assess the risk of the accidental disclosure of an individual’s information in each of our relevant outputs, and the statistical disclosure techniques used to mitigate these risks are tailored for each output to meet the confidentiality guarantee. These risk assessments are reviewed regularly to ensure they provide the necessary balance between management of the risk and data usability.

Data exchange

We provide micro-data to bona fide researchers in the academic sector, to local authorities, Welsh Government Sponsored Bodies, medical researchers, other government departments and devolved administrations, and Eurostat. Data may be released under arrangements described in a formal Data Access Arrangement (or occasionally via a Service Level Agreement, a Concordat, or a contract).  In every case, a prospective user must make an application for approval for release to the Chief Statistician.

Details of the data to be shared, the agreed uses of the data, the legal basis for the data share, the data transfer mechanism and an expected date of destruction are set out in the agreement to be signed by the requesting body. The Agreement must have the Chief Statistician’s approval to give the business area the authority to release the data.  Full details of all authorised access to the organisation’s data pertaining to individuals, households or businesses are available on request from the Chief Statistician.

All beneficiaries of access are required to agree to audits of organisational, technical and physical security. The standards must be those to which the beneficiary agreed in the data access agreement.

We currently use two secure systems (AFON, DEWI) for data collection and sharing, alongside corporate tools which allow the secure sharing of various file types. These systems enable secure movement of different types of data between the Welsh Government and its data providers or users.

Exceptions

The Chief Statistician (in consultation with the National Statistician as necessary) must authorise any exceptions to the principle of confidentiality protection prior to any data being released. Records of any authorisations are kept in a registered file by the Welsh Government Statistical Services and Social Research divisions.

Keep up to date @StatisticsWales@StatisticsWales Sign up to our newsletterSign up to our newsletter
Share