Guidance

Analysis Directorate: confidentiality policy

Updated 30 January 2024

Overview

This policy summarises the processes which the Analysis Directorate have put in place to protect the security of our data holdings and prevent the disclosure of information about specific individuals in our statistics.

These processes have been developed in line with the requirements of the UK Statistics Authority’s Code of Practice for Statistics (specifically Principle T6: Data Governance).

We have an obligation to act ethically and safeguard the confidentiality of individuals, and to be compliant with the Data Protection Act 2018 and the Freedom of Information Act 2000.

We must comply with:

• JSP 440: The Defence Manual of Security
• JSP 400: Disclosure of Information
• JSP 200: Statistics

Many of the processes and policies set out here are covered in more detail in internal guidance documents for Analysis Directorate staff.

Analysis Directorate policy

We need to obey the law by protecting the privacy of the people and enterprises whose data we hold.

We obtain, hold and use personal data on the armed forces and civilian workforce, and this is covered by the Secretary of State’s entry in the Data Protection Register. We must not use this data for any purpose other than those stated in the register.

Analysis Directorate Data Holdings

Statistics in Analysis Directorate publications are presented at aggregate level and do not include micro data (information about specific individuals or similar small scale data). However, the Analysis Directorate holds extensive micro data covering a range of defence information, which are used in the production of our statistical outputs.

Arrangements for maintaining the confidentiality of statistical data

All staff working in the Analysis Directorate, as well as all visitors to Analysis Directorate sites, require a pass to enter the premises. There is no public access to any part of the organisation where confidential statistical data may be held.

Our data are held on secure networks and systems which have been accredited by the MOD. No micro data are held on unencrypted laptops or portable storage media, or on our website. All transmissions of micro data are conducted within restricted level MOD networks or on encrypted USB sticks.

All staff in the Analysis Directorate receive data protection training and must sign a confidentiality declaration stating that they understand their responsibilities to data confidentiality under the Code of Practice for Statistics.

Prevention of disclosure of information that could identify individuals in our statistical outputs is controlled through a range of disclosure control measures.

The Analysis Directorate has internal policies covering disclosure control and data handling which are reviewed at least every 5 years.

Arrangements for providing controlled access to data

The Analysis Directorate sometimes shares micro data with other government departments, academic researchers, local authorities, and other organisations for statistical, research or legal purposes.

In such cases, arrangements for sharing data are controlled by a Data Access Agreement, which must be approved by the Analysis Directorate’s Information Asset Owner and the Data Protection Officer. Data Access Agreements include requirements relating to physical and technical data security, and receiving organisations are subject to audit of these security arrangements.

Full details of all authorised access to Analysis Directorate micro data are available on request from us.

Further information

If you have any questions regarding this confidentiality policy, please contact the Analysis Directorate.

Owner: Director for Analysis

Author: Analysis Directorate

Issue Date: August 2020