T6: Data governance

Organisations should look after people’s information securely and manage data in ways that are consistent with relevant legislation and serve the public good.


T6.1 All statutory obligations governing the collection of data, confidentiality, data sharing, data linking and release should be followed. Relevant nationally- and internationally-endorsed guidelines should be considered as appropriate. Transparent data management arrangements should be established and relevant data ethics standards met.

T6.2 The rights of data subjects must be considered and managed at all times, in ways that are consistent with data protection legislation. When collecting data for statistical purposes, those providing their information should be informed in a clear and open way about how that information will be used and protected.

T6.3 Organisations, and those acting on their behalf, should apply best practice in the management of data and data services, including collection, storage, transmission, access, and analysis. Personal information should be kept safe and secure, applying relevant security standards and keeping pace with changing circumstances such as advances in technology.

T6.4 Organisations should be transparent and accountable about the procedures used to protect personal data when preparing the statistics and data including the choices made in balancing competing interests. Appropriate disclosure control methods should be applied before releasing statistics and data. Appropriate protocols should be applied to approved researchers accessing statistical microdata.

T6.5 Regular reviews should be conducted across the organisation, to ensure that data management and sharing arrangements are appropriately robust.

Case studies

The Scottish Government’s (SG)  health and homelessness in Scotland project linked local authority data about homelessness between 2001 and 2016 with NHS data on hospital admissions, outpatient visits, prescriptions, drugs misuse, and National Records of Scotland information about deaths.

Transparency around the risk assessment process helps to demonstrate a producer’s Trustworthiness to users, suppliers and the public. One of the ways that SG were able to demonstrate this was by conducting and publishing their data privacy impact assessment alongside the main analysis report. SG also published the original application for the data, the public benefit and privacy panel application and the correspondence documenting its approval, and details of how to access the data. This approach is now standard practice for all SG publications based on linked data.

Since SG carried out this work, a new tool for risk assessment – Data Protection Impact Assessments (DPIAs) – have been introduced following the 2018 Data Protection Act (DPA), as a requirement of GDPR. They are mandatory where data are combined from multiple sources and the Information Commissioner’s Office recommends they are also conducted on a voluntary basis for any large-scale processing of personal data.

The accountability principle in the DPA requires organisations to have appropriate records in place to demonstrate compliance if required. Departments can meet the DPA accountability principle by conducting a DPIA, and publishing them helps to meet the Code’s requirements for transparency (providing that they are accessibly presented). It isn’t essential to publish a DPIA in full, a summary of the process and the lessons learnt would be sufficient to demonstrate transparency.

Another step producers can take to increase transparency is to publish details of all the data share requests made to them and their outcomes. SG publishes details of the data sharing requests submitted to its Statistics Data Access Panel on its website, which also includes details about past decisions made and the justifications for those decisions.

The Department for Education in England has also been publishing details of the data share requests and outcomes in relation to ad-hoc National Pupil Data Sharing for several years. In December 2017, the Department for Education broadened the scope to cover all routine sharing of personal data and have recently consulted users about further changes to make this easier to engage with and understand.

These examples show how Trustworthiness can be demonstrated by statistics producers being transparent about their approaches to the management of the data linkage process and data shares, and their relevance to some of the current legislation in this area.

Every five years, the Northern Ireland Housing Executive (NIHE) carries out the Northern Ireland House Condition Survey (NIHCS), a survey of approximately 3,000 dwellings that collects data on the characteristics Northern Ireland’s dwelling stock and its occupants. NIHE uses the data to produce a statistical report.

NIHE has a range of procedures in place to protect the confidentiality and security of the NIHCS data. These are described in the background quality report (PDF, 0.19MB) that is published alongside the main statistical report. NIHE has also produced a confidentiality and access statement that sets out its physical, technical and organisational security arrangements and the arrangements for providing statistical data to third parties. For example:

  • All staff working on the NIHCS (including Research Unit staff and surveyors) receive training about their obligations under the Data Protection Act, sign a Declaration of Confidentiality in Official Statistics, and uphold the principles of the General Data Protection Regulation
  • No confidential statistical data are held on laptops or any portable devices or kept on unprotected portable storage media, and all data held on laptops are anonymised so no individual can be identified by their responses
  • Data are sent between NIHE and the contractor (BRE) using secure transmission procedures, and only relevant members of the statistical team can access the BRE website which contains NIHCS data
  • Disclosure control techniques are implemented before the statistics are released to ensure that no individual will be identified. These include a combination of rounding, aggregation and suppression

These measures ensure that users have confidence in the people and the organisation that produce the NIHCS statistics.

Guidance and resources

Office for Statistics Regulation guidance on building confidence in the handling and use of data. It covers handling data to produce and publish official statistics, and making data available to external users, in ways that are transparent and accountable.OSR data governance guidanceOSR
The National Statistician's Data Ethics Advisory Committee (NSDEC) was established to advise the National Statistician on the ethical considerations of accessing, sharing and using data. NSDEC considers project and policy proposals from the Office for National Statistics (ONS) and the Government Statistical Service (GSS) and advises the National Statistician on the ethical appropriateness of these.National Statistician's Data Ethics Advisory Committee (NSDEC)UKSA
NSDEC has produced an ethics self-assessment toolkit. It provides an easy-to-use framework for researchers to review the ethics of their projects throughout the research cycle.NSDEC ethics self-assessment toolkitUKSA
The National Statistician’s Quality Review on privacy and data confidentiality methods brings together important evidence about statistical disclosure control. It aims to help the Government Statistical Service (GSS) take full advantage of the cutting-edge developments and research conducted by world leading experts from across academia and the private sector.Privacy and data confidentiality methods: a National Statistician’s Quality Review (NSQR)GSS
A series of guidance on documents on statistical disclosure control produced by GSS and the Government Social Research Profession (GSR). There is separate guidance for tables produced from administrative data, tables produced from surveys, and microdata produced from social surveys.Guidance on Statistical Disclosure ControlGSS/GSR
A webpage that provides helpful information about data protection. The Data Protection Act controls how personal information is used by organisations, businesses or the government.Data Protection Act websiteUK Government
The Open Data Institute's (ODI) Data Ethics Canvas is designed to help identify potential ethical issues associated with a data project or activity. The webpage contains a user guide, a template and a workshop plan.ODI Data Ethics CanvasODI
Guidance from the Information Commissioner’s Office (ICO) for organisations on data legislation, governance and information management, including the Data Protection Act, the General Data Protection Regulation, and Freedom of Information requests.ICO guidance for organisationsICO
The ICO’s anonymisation code of practice explains the issues surrounding the anonymisation of personal data, and the disclosure of data once it has been anonymised. It describes the steps an organisation can take to ensure that anonymisation is conducted effectively, while retaining useful data.Anonymisation: managing data protection risk code of practice (PDF, 1.89MB)ICO
A guide for those who have day-to-day responsibility for data protection. It explains the purpose and effect of each principle, gives practical examples and answers frequently asked questions.ICO data protection principlesICO
The UK Anonymisation Network (UKAN) offers practical advice and information to anyone who handles personal data and needs to share it.UKAN resourcesUKAN