Organisations should look after people’s information securely and manage data in ways that are consistent with relevant legislation and serve the public good.
What you should commit to
T6.1 All statutory obligations governing the collection of data, confidentiality, data sharing, data linking and release should be followed. Relevant nationally- and internationally-endorsed guidelines should be considered as appropriate. Transparent data management arrangements should be established and relevant data ethics standards met.
T6.2 The rights of data subjects must be considered and managed at all times, in ways that are consistent with data protection legislation. When collecting data for statistical purposes, those providing their information should be informed in a clear and open way about how that information will be used and protected.
T6.3 Organisations, and those acting on their behalf, should apply best practice in the management of data and data services, including collection, storage, transmission, access, and analysis. Personal information should be kept safe and secure, applying relevant security standards and keeping pace with changing circumstances such as advances in technology.
T6.4 Organisations should be transparent and accountable about the procedures used to protect personal data when preparing the statistics and data including the choices made in balancing competing interests. Appropriate disclosure control methods should be applied before releasing statistics and data. Appropriate protocols should be applied to approved researchers accessing statistical microdata.
T6.5 Regular reviews should be conducted across the organisation, to ensure that data management and sharing arrangements are appropriately robust.
Guidance and resources
| Description | Link | Source |
|---|---|---|
| Office for Statistics Regulation (OSR) guidance that aims to increase awareness that the principles of the Code extend beyond statistics production to data sharing and access. It outlines the practices and processes that uphold these principles. | Unlocking the value of data through onward sharing | OSR |
| OSR guidance on data governance. It covers handling data to produce and publish official statistics, and making data available to external users, in ways that are transparent and accountable. | Building confidence in the handling and use of data | OSR |
| The National Statistician's Data Ethics Advisory Committee (NSDEC) considers project and policy proposals from the Office for National Statistics (ONS) and the Government Statistical Service (GSS) and advises the National Statistician on the ethical appropriateness of these. | National Statistician's Data Ethics Advisory Committee (NSDEC) | UKSA |
| NSDEC's ethics self-assessment toolkit provides an easy-to-use framework for researchers to review the ethics of their projects throughout the research cycle. | NSDEC ethics self-assessment toolkit | UKSA |
| The National Statistician’s Quality Review on privacy and data confidentiality methods brings together important evidence about statistical disclosure control. | Privacy and data confidentiality methods: a National Statistician’s Quality Review | GSS |
| A series of guidance documents on statistical disclosure control produced by the GSS and the Government Social Research Profession (GSR). | Guidance on Statistical Disclosure Control | GSS/GSR |
| Government Digital Service (GDS) guidance for public sector organisations on how to use data appropriately and responsibly when planning, implementing, and evaluating a new policy or service. | GDS Data Ethics Framework | GDS |
| A UK Government webpage with general information about data protection, including the Data Protection Act. | Data Protection Act website | UK Government |
| The Open Data Institute's (ODI) Data Ethics Canvas is designed to help identify potential ethical issues associated with a data project or activity. | ODI Data Ethics Canvas | ODI |
| Guidance from the Information Commissioner’s Office (ICO) for organisations on data legislation, governance and information management, including the Data Protection Act, the General Data Protection Regulation, and Freedom of Information requests. | ICO guidance for organisations | ICO |
| The ICO’s anonymisation code of practice describes the steps an organisation can take to ensure that anonymisation is conducted effectively, while retaining useful data. | Introduction to anonymisation guidance |
ICO |
| The UK Anonymisation Network (UKAN) offers practical advice and information to anyone who handles personal data and needs to share it. | UKAN resources | UKAN |
| The ICO's research provisions guidance discusses the research provisions in the UK GDPR and the DPA 2018 in detail. It is aimed at DPOs and those with specific data protection responsibilities in organisations undertaking research, archiving or processing for statistical purposes. | Research provisions guidance | ICO |