Statistical disclosure control

This document outlines the policy for protecting the confidentiality of individuals and individual entities within data held by the Office for National Statistics (ONS). It covers the protection by way of statistical disclosure control methods; it is not concerned with the physical security of the data themselves. This policy is about disclosure control of statistical and research outputs, and it does not cover the arrangements in place for the secure handling and confidentiality protection of individual records.

The Office for National Statistics (ONS) collects a vast range of information from respondents to surveys and the census. It also holds administrative data, such as registration information on births, deaths and other vital events. The ONS publishes statistics and outputs from this information, and statistical disclosure methods are applied so that the confidentiality of data subjects, including individuals, households, and corporate bodies, is protected.

The policy is necessary to ensure that the ONS complies with the UK Statistics Authority Code of Practice for Official Statistics and legal obligations within the Statistics and Registration Service Act (SRSA, 2007), Data Protection Act (2018) and General Data Protection Regulation (GDPR, 2017). Additional legal frameworks must be considered depending on the source of the data and the legal gateways used. Additionally, data from Scotland and Northern Ireland must comply with the relevant legislation and policy as outlined on the National Records of Scotland, Information Services Division (ISD) Scotland and Northern Ireland Statistics and Research Agency websites.

Data controllers can also specify confidentiality safeguards for their data, and any processing of data within the ONS must comply with these agreements.

Along with these legal obligations, the ONS must comply with any pledges made to responders.

All statistics and outputs that are published must protect the confidentiality of data subjects within them in line with data legislation, the legal gateways used, the conditions set by data controllers and any pledges to responders.

While it may be virtually impossible to completely remove the risk of disclosure while retaining the usefulness of the statistics, following appropriate and proportionate statistical disclosure procedures should reduce the risk to an acceptable level. All statistical outputs, whether for general publication or for supply to a specific recipient, are checked for disclosure risk, and disclosure control techniques are applied as required. An audit trail of all disclosure control decisions must be kept, for a proportionate retention period, to ensure the transparency and traceability of such decisions.

The overriding principle of our policy is that confidentiality of individuals and individual statistical units must be protected. Assessing outputs for disclosure risk is key to assessing the level of risk and selecting proportionate and appropriate methods to mitigate it. Any mitigations take into account both the sensitivity as well as the benefit of releasing statistics or outputs from one or multiple datasets. Restricting all detail from an output ought to consider the balance between the utility of the output and the re-identification risk.

The ways in which the outputs are protected will vary according to multiple factors, including:

1. the mode and legal basis of data collection
2. any written or verbal confidentiality pledges to responders
3. the data subjects included in the data
4. the source of the data
5. the type and content of the data
6. the specific benefits for releasing statistics or outputs
7. the medium of publication (for instance, a website, an academic journal, or the answer to a parliamentary question)

An exhaustive list of factors affecting the disclosure control of data would offer little value as most statistical disclosure control methods examine outputs on a case-by-case basis. These must be listed in the relevant procedures and processes across all areas releasing statistics and outputs. 

All decisions on outputs released should be logged, including the data involved, the recipient, the statistical disclosure control decisions and their justifications. This practice is essential in reinforcing our commitment to protecting confidentiality of data subjects as well as maintaining transparent processes.

Statistical Disclosure Control (SDC) Expert Group

Responsible for:

• developing expertise within both the group and across the Office for National Statistics (ONS) and Government Statistical Service (GSS)

• providing advice on disclosure control issues including through guidance documents

• developing disclosure control methods

• providing training and building capability in disclosure control

Accountable to:

• the Methodological Assurance Review Panel (MARP)

• the Data Governance Committee (DGC)

ONS staff using disclosure control methods

Responsible for:

• complying with the statistical disclosure control policy and guidance documents

• consulting with the SDC team to ensure compliance with legal obligations

Legal services

Responsible for:

• providing advice on current and evolving legal issues if required.

National Statistician's Data Ethics Advisory Committee (NSDEC)

Responsible for:

• providing independent advice on data ethics issues, where required.

Accountable to:

• the National Statistician.

Data Governance Committee (DGC)

Responsible for:

• ensuring the consistent application of this policy to all ONS staff and assessing the organisational risk of disclosure.

Accountable to:

• the National Statistician's Executive Group.