Transparency data

Confidentiality policy and data management approach

Published 22 April 2026

Purpose

All Department for Work and Pensions (DWP) official statistics are produced and published in line with the Code of Practice (the Code), regulated by the Office for Statistics Regulation (OSR).  

The framework for the Code of Practice for Statistics is based on 3 principles: 

• trustworthiness – having confidence in the people and organisations that produce statistics and data
• quality – using suitable data and appropriate methods that produce assured statistics
• value – producing statistics that benefit the public by informing and supporting decision making, action and debate

Trustworthiness includes standards on managing data responsibly, and requires all producers of official statistics to publish a confidentiality policy and data management approach.

This document provides information on DWP standards in line with the Code on:  

• data management approach 4.1: be ethical in how you collect, access, use and share data to serve the public good and be transparent about your approach in a published data management policy
• confidentiality policy 4.5: protect the confidentiality of individual and business information when producing statistics, be transparent about the choices made in line with the producer’s published confidentiality policy and apply appropriate disclosure control methods before release

DWP has its own data protection policies and procedures to support compliance with the UK General Data Protection Regulation and the Data Protection Act 2018.

This policy reflects the wide range of uses to which data is put within the department, including the production of statistics. 

We only give access to personal data to external bodies where there is a legal gateway and lawful basis to do so (this includes research done under contract for DWP). 

Data as Statistics are responsible for most of the official statistics produced by DWP. The Head of Data as Statistics, Steve Ellerd-Elliott, is also our Chief Statistician and Head of Profession for Statistics and therefore has overall responsibility for all DWP official statistics. 

Confidentiality and access – general policy statement 

We protect the security of our data holdings in order to protect people’s privacy, meet legal requirements and uphold our guarantee that no statistics will be produced that are likely to identify an individual. We also make sure we get maximum value from the data we hold for statistical purposes.

Staff are given information security training on a regular basis. Data handlers are provided with additional training on the Data Protection Act, including confidentiality of personal information, and they are required to sign to say that they have received this training. 

The majority of data accessed by analysts is anonymised. Access is business-case controlled based on the minimum data required. 

Physical security 

All staff working in DWP and all visitors to its sites require authority and photographic passes to access the premises. In most locations, there are further internal security doors, segregating areas of higher sensitivity. 

Confidential statistical data is held in a secure environment and access is strictly controlled in line with departmental policy. 

Technical security 

DWP maintains a secure technical environment in order to protect the confidentiality, integrity and availability of information. Access to the DWP network is controlled by layered authentication using a combination of physical token, password and pin.

In addition, a number of technical controls are present to prevent unauthorised access and data leakage.

Organisational security 

DWP has a single senior information risk owner (SIRO) and for each of the department’s major business areas, there is a Deputy SIRO who is responsible for promoting good information management and security across their area of responsibility. There is also a Chief Data Officer and Chief Digital and Information Officer. 

For individual datasets, DWP assigns accountability for data security and confidentiality to nominated Information Asset Managers (IAMs). They ensure that specific information assets are handled and managed appropriately. 

Government Legal Department has teams who are responsible for security and data protection policies that support IAMs. The Knowledge and Information Management Division is responsible for the policies, practices and process for the recording and exploitation of departmental information.

Disclosure security 

Disclosure control techniques are always implemented before official statistics are released. As an additional protective measure, details of the methodology are not published.

Where a sample data extract has been used for official statistics, the data are grossed and rounded to provide an estimate of the true number before release. 

Where a 100% data extract has been used for official statistics, we use statistical disclosure techniques to help ensure confidentiality is maintained.

Arrangements for providing to third parties 

The department may contract third parties to conduct research on its behalf. This will only happen when they meet the necessary data handling conditions, security requirements, prescribed standards and followed the Security Assurance for Research and Analysis framework.

In the case of contracted analysis, we carefully review the data being provided, only providing the minimum amount of data needed, doing as much as possible to minimise risk of re-identification, and put in place a clear contract setting out data handling, retention, destruction principles.

Recording the details of access authorisations 

All authorisations for access to private information are recorded and details of accesses to such information are recorded for auditing and compliance purposes. 

Contact information

Contact DWP by email at statistics.hopsupport@dwp.gsi.gov.uk.