Supplementary memorandum from the Exchequer
Secretary to the Treasury
When I gave evidence to the Committee's Counting
the Population inquiry I offered to write on the matter of Census
data security, in response to question 335 from Philip Dunne MP.
Data security and confidentiality of personal
information carries the highest priority for the Census. It is
central to the design of robust systems, processes and legal arrangements
with contractors. All employees of both ONS and any appointed
contractors working with Census data are bound by the 1920 Census
Act and the confidentiality provisions of the 2007 Statistics
and Registration Service Act (SRSA). Any breach of the SRSA confidentiality
provisions is a criminal offence, subject to possible imprisonment
and fines. All staff working with Census data sign a confidentiality
declaration to confirm their understanding and commitment to the
legal confidentiality undertakings. Individual Census data is
used for statistical purposes only and is protected from disclosure
for 100 years.
The procurement process for the support service
for the 2011 Census is currently ongoing, so I am not in a position
to comment on the detail of the bids. However, I can assure you
that the eventual contract that ONS places with the successful
bidder will have sufficient provisions to ensure that the service
provider will, at no stage, allow the removal from the United
Kingdom of any completed paper questionnaire, or any electronic
data or images that could in any way identify an individual. Both
the warehouse and the processing centre will be located within
the United Kingdom.
The contract will be written specifically to
warrant that the service provider protects the confidentiality,
integrity and availability of confidential information, personal
data and Census data. By providing this they must install security
measures that comply with UK HMG specifications for RESTRICTED
(Baseline) level operations.
There will be further indemnities to cover any
loss of data, changes to any location of supplier premises, the
ability to undertake full audits of systems and processes (including
an independent security audit) and for all staff to be compliant
with the ONS Census 2011 Corporate Confidentiality Agreement.
I hope this reassures you that the security
of the Census data is taken extremely seriously by ONS and by
myself, and everything possible is being done to ensure data confidentiality.
14 February 2008