Standard

Statement on confidentiality and data access

Updated 25 October 2023

Applies to England

Introduction

Principle T6, data governance, of the Code of Practice for Statistics describes effective data governance. This includes effective control over data access and protection of confidential information. Principle T6 states:

Organisations should look after people’s information securely and manage data in ways that are consistent with relevant legislation and serve the public good.

What you should commit to:

T6.1 All statutory obligations governing the collection of data, confidentiality, data sharing, data linking and release should be followed. Relevant nationally- and internationally-endorsed guidelines should be considered as appropriate. Transparent data management arrangements should be established and relevant data ethics standards met.

T6.2 The rights of data subjects must be considered and managed at all times, in ways that are consistent with data protection legislation. When collecting data for statistical purposes, those providing their information should be informed in a clear and open way about how that information will be used and protected.

T6.3 Organisations, and those acting on their behalf, should apply best practice in the management of data and data services, including collection, storage, transmission, access, and analysis. Personal information should be kept safe and secure, applying relevant security standards and keeping pace with changing circumstances such as advances in technology.

T6.4 Organisations should be transparent and accountable about the procedures used to protect personal data when preparing the statistics and data including the choices made in balancing competing interests. Appropriate disclosure control methods should be applied before releasing statistics and data. Appropriate protocols should be applied to approved researchers accessing statistical microdata.

T6.5 Regular reviews should be conducted across the organisation, to ensure that data management and sharing arrangements are appropriately robust.

Ofsted’s Head of Profession for Statistics is responsible for the official statistics produced by Ofsted and for making sure they are governed in line with Ofsted’s data protection policies and relevant legislation.

Confidentiality 

Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). GDPR places obligations on organisations to process personal information fairly and with transparency. 

Ofsted has an information rights and data protection team that are responsible for data protection and access to information. Ofsted also has a security & information management team that are responsible for policy, guidance and advice on information security and governance. Business Information Risk Owners and Information Asset Managers embedded in teams are responsible for the day-to-day implementation of internal policies. They make sure data resources are managed in accordance with:

  • Ofsted’s statutory obligations, including GDPR
  • the Code of Practice for Statistics and its supporting protocols 
  • this compliance statement 

Responsible statisticians are accountable for: 

  • compiling and maintaining metadata for the life cycle of each statistical resource 
  • guarding the integrity and security of their data holdings in accordance with Ofsted’s policies on security and business continuity 
  • disposal of data in line with data sharing agreements 

Most of Ofsted’s data comes from administrative sources and management information systems.  Staff who work with data receive appropriate security checks and access to administrative systems and databases is limited to those who need access to the data. Staff receive appropriate training in data security measures including data handling and a mandatory “security and data protection” training course. 

Ofsted publishes privacy notices for the different types of personal information it collects, stores and processes.

Limiting access to data 

The data Ofsted receives from other government departments and external agencies is supported through memorandums of understanding (MOUs) and data-sharing protocols. These agreements and protocols put in place the necessary mechanisms to ensure that data is: 

  • stored, used and disposed of in a safe manner. Ofsted maintains trackers, which contain destruction logs for individual datasets 
  • accessed only by those who have signed the individual declaration form (where the data sharing agreement requires it) and have received relevant training 
  • robust and accurate and has agreed processes for raising any issues and concerns 
  • only accessed by staff that are physically present at an Ofsted office and not at home (when data sharing agreements stipulate this) 
  • not released ahead of official statistics, where applicable 

Ofsted controls access to data it holds through: 

  • password protection of assets, including encrypted laptops and smart phones 
  • use of document management systems with document level access controls as well as group level controls 
  • regularly reviewing individual access levels to administrative systems and databases where data is stored 

All Ofsted staff and visitors are required to wear a pass and use it to access and move around Ofsted offices. There is no public access to any part of Ofsted’s estate where confidential data may be held. When working from home, staff must connect to Ofsted’s secure virtual private network (VPN) before access will be granted to administrative systems and staff are instructed to work in an environment that maintains the confidentiality of data.

Ofsted only shares data where necessary and it is in the interest of the public good. Data sharing agreements typically last for 12 to 24 months and are regularly reviewed and revised when necessary.

Statistical disclosure control 

Ofsted uses statistical disclosure control to ensure that individuals or groups can’t be identified from statistical data. This means that: 

  • confidential information about a person or unit (such as a household or business) is not made available 
  • different outputs from the same source, or outputs from different sources, can’t be combined to reveal information about a person or a group of people 

Ofsted uses suppression and rounding of data for disclosure control. For example, suppression of data, so that the cell value in a table (which may be disclosive where, for instance, the value is small) is not given. 

Secondary suppression of cells, where at least one other value in the row or column is also not given, ensures that suppressed values cannot be deduced through subtraction. Values of 0 and 100% may also be suppressed, for example, where all pupils in a school are eligible for free school meals. 

Rounding of cells to a multiple of a set base, such as 5, (where, for example, a true value of 3, 4 or 6 would be shown as 5) adds uncertainty to the true values of small cells and helps avoid disclosure.

Jason Bradbury
Head of Profession for Statistics
Ofsted
October 2023