Dear Ms Sayed,
Thank you for inviting the Office for National Statistics (ONS) to give evidence to the Committee on 18 April.
At the session, I committed to providing some further information in response to questions around data security. I understand there were also questions on Armed Forces, Volunteering and Income data that time did not allow for on the day.
In response, I attach a brief note which summarises ONS’ current position on these issues.
Deputy National Statistician and Director General, Population and Public Policy
Office for National Statistics
In December 2017, we published an update on our topic research for the 2021 Census which contains details on our testing and evaluation to date on a number of Census topics.
Armed Forces data
In October 2017, ONS announced that it would recommend the inclusion of a question on the Armed Forces in the 2021 Census for England and Wales. Our research and consultation have established that there is a clear need for information on the Armed Forces and Veteran community.
Central and local government have told us they need information on the Armed Forces and Veteran community to fulfil their commitments under the Armed Forces Covenant. Services and support need to be delivered to the Armed Forces community in areas such as health, housing, qualifications, employment and others. Administrative data provides some of the data required, but not all.
ONS have developed and successfully tested a Census question, which we hope will meet the needs of decision-makers. We therefore intend to recommend inclusion of this topic in the 2021 Census.
We have designed two different questions on volunteering. In both rounds of testing, respondents had difficulty matching their volunteering activities to a response option. Results of the Census Test Evaluation Survey suggest challenges to collect information of sufficient quality to meet the user need. Alongside this, our understanding of user needs for other topics has grown. And so, to manage respondent burden and meet space constraints on the paper questionnaire, we intend to recommend not collecting information on volunteering in the 2021 Census.
We are currently researching how to provide this data by other means. Our economic well-being team are leading an area of work to understand the value of unpaid work, including volunteering.
Valuations of unpaid work are produced in the Household Satellite Accounts which was released in 20164 and provided data from 2005 to 2014. The team also use time-use data to understand the
division of unpaid labour within households and are now planning a new time use survey to further develop and modernise these statistics.
ONS will not recommend that questions about personal income or household income be included in the 2021 Census for England and Wales. Our testing has shown that including a question on income within the Census negatively impacts on response rates, and undermines the quality of data. Instead, we are carrying out research to see if it is feasible to produce income statistics using administrative data.
Our current focus is on producing small area income outputs and understanding the precise user needs for the definition of income. We’ll then extend the research to multivariate outputs.
We are encouraged that our early analysis using administrative data broadly reflects the patterns we expect to see regarding income.
Data access and security
ONS has a strong record in protecting and safeguarding the security of data and information supplied to the Census, not least in its rigorous protection of personal Census information collected over the past 200 years. ONS successfully outsourced census services in 1991 (e.g. publicity, distribution), in 2001 (e.g. postal services, questionnaire printing, questionnaire scanning, data capture and coding as well as the census call centre and helpline) and in 2011 (e.g. publicity, questionnaire printing, postal services, questionnaire scanning, data capture and coding, census helpline, field staff recruitment, payment and training).
The 2021 Census plans to collect the majority of the data using on-line systems with considerably fewer paper forms than in 2011. Outsourced services for a 2021 Census would be conducted in
accordance with government procurement standards and requirements, designed and managed to safeguard the confidentiality of personal information and to deliver value for money. Any companies bidding for work would be subject to the same security requirements as apply to ONS, including those set out in the Statistics and Registration Service Act 2007 (e.g. provisions in s.39) and the Data Protection Act 2018.
The security of Census data is a top priority and ONS has stringent safeguards to protect this data in all our operations. This includes control of physical access to any site or room where the Census data is stored, the secure control of access to Information Technology (IT) systems, personnel security controls to assure the trustworthiness of employees and suppliers working on the Census. All the Information Technology (IT) systems within ONS and its suppliers are designed with security in mind based on UK Government and industry best practice guidelines. Rigorous controls are implemented to protect data during transmission, storage and processing. Specific technical testing is also performed to ensure the systems are built and configured correctly. These security controls are additionally reviewed by the National Cyber Security Centre. The census security programme and its supplier operations activity is managed to the framework of ISO27001 – the internationally recognised Information Security Management Standard.
ONS provides assurance for the trustworthiness, integrity and reliability of our employees and suppliers involved in the Census. The data collected contains sensitive personal information and
ONS has a duty to protect this. A security clearance plays a significant and important role in assessing and managing access to this sensitive information. All staff working on the Census undergo a range of personal checks to validate their identity and check their criminal record. Those employees with access to personal information have an additional national security vetting performed.
ONS tightly controls access to IT systems that hold Census data to ensure that only those employees with the need to access this can do so. The proposals for the 2021 Census ensure that the data
captured electronically will at all times be handled securely. These measures cover the completed questionnaires, the electronic Census data set and all infrastructure relating to the operation of the Census including websites, supplier systems and communications links. Specific governance and processes authorise and manage access to Census data. Protective monitoring of this access
ensures that it is used in accordance with the ONS rules. All of the electronic communications links used for routing personal census information are encrypted.
Our current plans for data collection mean that completed paper forms will be securely scanned and passed to ONS by a supplier operating under ONS oversight. Suppliers will also be used in recruiting the field force and providing services such as the operation of our contact centre. All those working on the Census as employees of ONS or as suppliers or sub-contractors providing services to support the 2021 Census will be security checked and required to sign an undertaking to demonstrate that they understand their legal obligations and will not disclose any information relating to an individual person or a household.
A Data Protection Impact Assessment (DPIA) is a legal requirement of the new Data Protection Act implementing the General Data Protection Regulation, where the processing of personal data is likely to result in a high risk to the rights and freedoms of individuals. A Privacy Impact Assessment (the previous name for DPIAs) was completed for the 2011 Census and published on the ONS website. ONS has produced and published a privacy impact assessment at the initial research stage (The Census and Future Provision of Population Statistics in England and Wales: Privacy Impact Assessment for the Initial Research Stage’, March 2015). The DPIA for the 2021 Census will identify the risks to privacy and assess those risks; detail all our processing activities; ensure that our processing meets the principles of data protection, such as transparency and fairness; ensure that we have undertaken necessary consultation with relevant stakeholders.
Ongoing security reviews are performed on all Census systems to ensure that the security defences remain effective and cyber security with the potential to affect Census data are detected.
Finally, at the core of ONS’ data security is our Five Safes Framework – Safe people; Safe projects; Safe settings; Safe outputs; Safe data. Under the safe people pillar is the Approved Researchers
Scheme. This scheme is used by ONS to grant access to data that cannot be published openly, for statistical research purposes, as permitted by the Statistics and Registration Service Act 2007. To
access data in this way, an individual must hold ONS Researcher Accreditation and have their research proposal approved by the ONS Microdata Release Panel, on behalf of the National Statistician. The processes and criteria used within the Approved Researcher Scheme were revised in 2016. The criteria for accreditation require that all researchers be fit and proper, and their specific research proposals are scrutinised to ensure there is a clear public benefit. Further information about the Approved Researchers Scheme can be found on our website.