Information needed | Response |
---|---|
Title and link to statistical output | Transition to Net Zero: The Low Emissions Vehicles Sector |
Name of producer organisation | Transition to Net Zero: The Low Emissions Vehicles Sector |
Name and contact details of person dealing with report | Gemma Thomas Gemma.n.thomas@ons.gov.uk |
Name and contact details of Head of Profession for Statistics or Lead Official | Rachel Skentelbery stat.hopoffice@ons.gov.uk |
Link to published statement about the breach (if relevant) | https://www.ons.gov.uk/releases/transitiontonetzerothelowemissionsvehicleslevsector |
Date of breach report | 1st November 2021 |
Information needed | Response |
---|---|
Relevant principle(s) and practice(s) | T3.3 Orderly Release |
Date of occurrence of breach | 21st October 2021 |
An e-mail was accidently sent on Thursday 21st October at 23:01 to someone outside ONS (details below) with a file that contained survey data that is not yet published. Details as follows:
- The e-mail was sent following a typo/autofill of the wrong address in the ‘to’ bar.
- The excel sheet contained aggregate figures relating to two standard industrial classification (SIC) divisions, which are not yet published.
- These data come from the low carbon and renewable energy economy survey. Higher level estimates (at section level) of all the years contained in the spreadsheet are already publicly available.
- The data in the spreadsheet could have been calculated by anyone with access to the dataset in the Secure Research Service.
- The data is not market sensitive.
- The tables are part of a bigger release on 8th November.
- The contact works at the Climate Change Authority, the Australian equivalent of the UK’s Climate Change Committee
- They immediately (within 1 minute) returned the e-mail with an [official sensitive] flag, to say they didn’t think it was for them, and then deleted it on request.
No immediate impact: no further impact expected.
Immediate: As above, the contact immediately got in touch and flagged the error. They deleted it as requested (all within 8 minutes).
Others in the e-mail chain, who were all part of the output process and were authorised to see the data, were alerted immediately not to use the reply all function.
A lessons learned will be undertaken; a reminder to all of best practice of sharing data – i.e. not via e-mail; a reminder to pause before sending data, even when under pressure; a reminder to think twice before sending e-mails late at night. This was done immediately within the relevant team but will be undertaken across the division.
The survey is consortium funded by the Department for Business, Energy and Industrial Strategy, Office for National Statistics, and the Devolved Administrations. Representatives from those organisations will be informed at the next workshop and reassured that all procedures were followed (e.g. reporting the breach). They will also be informed of the results of the lessons learned and that staff have been reminded not to share data via e-mail and to double check before sending e-mails. Members of the consortium will also be reminded not to send data via e-mail or include any sensitive/unpublished information via e-mail.