Organisations should look after people’s information securely and manage data in ways that are consistent with relevant legislation and serve the public good.
T6.1 All statutory obligations governing the collection of data, confidentiality, data sharing, data linking and release should be followed. Relevant nationally- and internationally-endorsed guidelines should be considered as appropriate. Transparent data management arrangements should be established and relevant data ethics standards met.
T6.2 The rights of data subjects must be considered and managed at all times, in ways that are consistent with data protection legislation. When collecting data for statistical purposes, those providing their information should be informed in a clear and open way about how that information will be used and protected.
T6.3 Organisations, and those acting on their behalf, should apply best practice in the management of data and data services, including collection, storage, transmission, access, and analysis. Personal information should be kept safe and secure, applying relevant security standards and keeping pace with changing circumstances such as advances in technology.
T6.4 Organisations should be transparent and accountable about the procedures used to protect personal data when preparing the statistics and data including the choices made in balancing competing interests. Appropriate disclosure control methods should be applied before releasing statistics and data. Appropriate protocols should be applied to approved researchers accessing statistical microdata.
T6.5 Regular reviews should be conducted across the organisation, to ensure that data management and sharing arrangements are appropriately robust.
|The Government Statistical Service’s (GSS) open data webpage contains policy and guidance, open data e-learning, examples of good practice on making data open and advice on where to go to make data open.||GSS open data webpage||GSS|
|A website that provides helpful information about data protection. The Data Protection Act controls how personal information is used by organisations, businesses or the government.||Data Protection Act website||UK Government|
|National Statistician’s guidance on interpreting and implementing the Principles in the Code that relate to the confidentiality of those statistics.||National Statistician’s Guidance: Confidentiality of Official Statistics (2009) (PDF)||GSS|
|Guidance from the Information Commissioner’s Office (ICO) for organisations on data legislation, governance and information management, including the Data Protection Act, the General Data Protection Regulation, and Freedom of Information requests.||ICO guidance for organisations||ICO|
|The ICO’s anonymisation code of practice explains the issues surrounding the anonymisation of personal data, and the disclosure of data once it has been anonymised. It describes the steps an organisation can take to ensure that anonymisation is conducted effectively, while retaining useful data.||ICO anonymisation code of practice||ICO|
|A guide for those who have day-to-day responsibility for data protection. It explains the purpose and effect of each principle, gives practical examples and answers frequently asked questions.||ICO data protection principles||ICO|
|The UK Anonymisation Network (UKAN) offers practical advice and information to anyone who handles personal data and needs to share it.||UKAN resources||UKAN|
|Disclosure control guidance produced by the GSS and the Government Social Research Profession (GSR) for microdata, administrative data and tables produced from surveys.||GSS/GSR Disclosure Control Guidance||GSS/GSR|
|The GSS Data Strategy provides strategic direction and an overarching plan for the GSS on the data challenges it faces. It takes into consideration the wider perspective of individual departments, devolved administrations and the UK government, as well as their existing and planned activities.||Data for the Public Good: GSS Data Strategy (2013)