• No results found

Statement on confidentiality and data access

N/A
N/A
Info
Download
Protected

Academic year: 2019

Share "Statement on confidentiality and data access"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

GOV.UK

GOV.UK uses cookies to make the site simpler. Find out more about cookies or hide this message

Research and analysis

Statement on confidentiality and data

access

Updated 18 April 2019

Home Ofsted standards for official statistics

1. Introduction

Principle T6 of the UK Statistics Authority Code of Practice for Statistics

describes effective data governance. This includes effective control over data access and protection of confidential information.

Ofsted’s Head of Profession for Statistics is responsible for all of the official statistics we produce and for making sure they are governed by Ofsted’s data protection policy.

2. Confidentiality

Ofsted holds and processes data that is confidential because it is personal or commercially sensitive. Most of it comes from administrative sources and management information systems.

Principle T6 (Data Governance) of the Code of Practice for Statistics states:

Organisations should look after people’s information securely and manage data in ways that are consistent with relevant legislation and serve the public good.”

The General Data Protection Regulation (GDPR) places obligations to process

Search

Contents 1. Introduction 2. Confidentiality

3. Organisational security 4. Statistical disclosure

control

(2)

personal information fairly and with transparency, putting individuals in control of how their information is processed.

Ofsted maintains the confidentiality of the data it receives, stores and processes. Staff who work with data receive criminal record checks and training in protecting and managing information.

We publish privacy notices for the different types of personal information it collects, stores and processes.

2.1 Physical security

All Ofsted staff and visitors are required to wear a pass and use it to access and move around premises. Physical access is strictly controlled in line with Ofsted policy and there is no public access to any part of the organisation where confidential statistical data may be held.

2.2 Technical security

We control access to information through password protections and other role-based access controls.

Where necessary, we use transport-level encryption to reduce the risk of

unauthorised interception. Rarely, where there are specific additional information risks, we add other measures to protect information.

3. Organisational security

Ofsted has an information management team responsible for policy, guidance and advice on data protection, information access, assurance and management.

Business Information Risk Owners and Information Asset Managers are

responsible for the day-to-day implementation of the policy. They make sure data resources are managed in accordance with:

the Code of Practice and its supporting protocols this compliance statement

Ofsted’s statutory obligations

Responsible statisticians are also accountable for:

(3)

guarding the integrity and security of their data holdings in accordance with Ofsted’s policies on security and business continuity

archiving their resources in line with Ofsted’s policy on data retention, preservation, and destruction

Responsible statisticians’ duties will evolve to match the development of each of the systems and policies described above.

4. Statistical disclosure control

Ofsted uses statistical disclosure control (SDC) to ensure that individuals or groups can’t be identified from statistical data. This means that:

confidential information about a person or unit (such as a household or business) is not made available

different outputs from the same source, or outputs from different sources, can’t be combined to reveal information about a person or a group of people

4.1 Suppression and rounding of data

Ofsted uses suppression and rounding of data for disclosure control. For example, suppression of data, so that the cell value in a table (which may be disclosive where, for instance, the value is small) is not given.

Secondary suppression of cells, where at least one other value in the row or column is also not given, ensures that suppressed values cannot be deduced through subtraction. Values of 0 and 100% may also be suppressed, for example, where all pupils in a school are eligible for free school meals.

Rounding of cells to a multiple of a set base, such as 5, (where, for example, a true value of 3, 4 or 6 would be shown as 5) adds uncertainty to the true values of small cells and helps avoid disclosure.

5. Access to data

Data access, data sharing or service-level agreements must be established before named third parties are given access to sensitive/personal information. This includes data-sharing with other government departments. These

agreements are written documents and specify:

(4)

Is this page useful? Yes No Is there anything wrong with this page?

Prepare your business or organisation for the UK leaving the EU

Prepare for EU Exit if you live in the UK

Living in Europe after the UK leaves the EU

Continue to live in the UK after it leaves the EU

Prepare for EU Exit

Benefits

Births, deaths, marriages and care

Business and self-employed

Childcare and parenting

Citizenship and living in the UK

Crime, justice and the law

Disabled people

Driving and transport

Education and learning

Employing people

Environment and countryside

Housing and local services

Money and tax

Passports, travel and living abroad

Visas and immigration

Working, jobs and pensions

Services and information

How government works Departments Worldwide Services Guidance and regulation News and communications

Policy papers and consultations

Transparency and freedom of information

Departments and policy

the precise data to be provided that they will be used for

who may access and process them how long they will be retained

Jason Bradbury

Head of Profession for Statistics Ofsted

(5)

releases

Help Cookies Contact Terms and conditions Rhestr o Wasanaethau Cymraeg Built by the Government Digital Service

© Crown copyright All content is available under the Open Government Licence v3.0, except where otherwise

References

Download now ( PDF - 5 Page - 145.88 KB )

Related documents

Janet Hovorka Lectures 2015

Presto Chango: Turn Your Family History Into A Coloring Book Workshop--Computer Lab Workshop Bring 5 fun family stories, a five generation pedigree chart and a few family images

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

 Personal data shall not be transferred to a county or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for

Data Protection and Information Security Policy and Procedure

Organisations working with Tidemill Academy who have access to any of the school data are also required to ensure any personal and sensitive data it holds is securely

Measuring the Effects of Listening for Leisure on Outcome after stroke (MELLO): a pilot randomised controlled trial of mindful music listening

Although effect sizes for key cognitive (memory and attention) variables were consistent with previous research in favoring the music listening interventions over the audiobook

Information Governance policy

Confidentiality, Data Protection, Freedom of Information, Information Security, Data Quality and Records Management.. 2.2 This policy covers the use and management of information

Information Governance and Data Protection Policy

The Senior Information Risk Owner (SIRO) will be a Senior Management Governing Body Member who will take overall ownership of the Organisation’s Information Risk Management

ADTTFFATATDFFTFTAATADTAFTAFDFTDDTAFDFFADFFDDAATFFDATDDFTAAAAAFAFT

As you may recall, last year Evanston voters approved a referendum question for electric aggregation and authorized the city to negotiate electricity supply rates for its residents