Statement on Confidentiality and Access
This statement sets out the arrangements we have put in place to:
- protect the security of our data holdings and uphold our guarantee that no statistics will be produced that are likely to identify an individual unless specifically agreed with them; while at the same time
- obtain maximum value from these micro-data, once obtained, by extending access to bona fide and authorised third parties.
Arrangements for maintaining the confidentiality of statistical data
The Welsh Assembly Government Statistical Directorate holds and processes various data which are confidential because they are either personal or commercially sensitive. Specific measures are taken to preserve their confidentiality and security:
- each set of confidential data is controlled by a data custodian who maintains written guidelines on the use of the data;
- legislation and codes of practice governing the collection, storage and use of confidential data are strictly observed;
- statistics are not published or otherwise released unless there is virtually no risk to confidentiality;
- confidentiality declarations must be signed by any external researchers and contractors who may be allowed access to confidential data;
- all personal identifiers are stored separately from the data to which they correspond;
- enhanced security arrangements are considered where two or more data sets are linked;
- all confidentiality undertakings are respected when data are received from other organisations;
- SD staff receive appropriate training in IT security measures.
The Information Security Project is currently being undertaken. The aim of the project is to put in place the policies, systems and culture change needed to ensure that the National Assembly for Wales is able to meet ISO17799, which sets standards for the security of information within organisations.
The project has been extended to reinforce the point that information security is not just about IT systems. It is equally about Assembly staff understanding the value of information as an asset, understanding why measures must be taken to protect it, what those measures are and taking a responsible attitude to the information in their care.
Physical security
All staff working in this organisation and all visitors to its sites require a pass to access the premises. There is no public access to any part of the organisation where confidential statistical data may be held.
Technical security
We maintain a GSI network. No confidential statistical data are held on laptops or any other portable devices or kept on unprotected portable storage media. All transmission of micro-data is conducted within the GSI network, by encrypted e-mail or on password-protected CDs.
Organisational security
We use a combination of survey project managers, data custodians, and data management teams to protect and maintain our data.
Disclosure security
We are developing our statistical disclosure techniques to meet the confidentiality guarantee. These will be reviewed every five years for adequacy.
Arrangements for providing controlled access to micro-data
We provide micro-data to bona fide researchers in the academic sector, to Local Authorities, Assembly Sponsored Public Bodies, medical researchers, other government departments and devolved administrations, and Eurostat. Data may be released under arrangements described in a Service Level Agreement, a Concordat, contracts, and confidentiality declarations. In every case, a prospective customer must make an application for approval for release to the Chief Statistician.
The Chief Statistician’s approval gives the business area the authority to release the data. The Chief Statistician also maintains the definitive documentation of all access to data held by the organisation.
Recording the details of access authorisations
Full details of all authorised access to the organisation’s micro-data are available on request from the Chief Statistician.
Auditing of beneficiaries of access
All beneficiaries of access are required to agree to audits of organisational, technical and physical security. The standards must be those to which the beneficiary agreed in the data access agreement.