Statistical confidentiality policy
Principle T6 of the Code of Practice for Statistics states that organisations publishing Official Statistics should look after people’s information securely and manage data in ways that are consistent with relevant legislation and serve the public good.
Read the full Code of Practice
Jisc is committed to preserving the confidentiality of the data it collects, processes and disseminates. Jisc complies with data protection and privacy legislation, and Principle T6 of the Code of Practice for Statistics, and works to maintain the trust and cooperation of those individuals who supply information for onward transmission to Jisc.
Arrangements for preserving confidentiality are as follows:
ISO 27001 accreditation
Jisc is accredited under the ISO 27001 Information Security standard. A suite of Information Security Policies is issued to Jisc staff covering a wide range of areas from information handling tp use of computing resources. Adherence to these policies is subject to a regular internal and external audit programme.
All Jisc staff receive appropriate training and guidance in the protection of personal information encountered during the course of their work. This training is updated regularly.
Data Protection guidance and policies are published on the staff intranet.
Jisc employs a qualified Data Protection Officer who monitors compliance with Data Protection Policy on a day-to-day basis.
All personal data used for statistical purposes is held on secure computer systems which are subject to stringent physical and electronic access control mechanisms. Staff access to personal data is only granted to those staff who require access for the execution of their duties. Access to personal identifiers such as names of data subjects is subject to further access restrictions and is only provided to a named subset of data analysts who require access for specific purposes. The list of staff with access to personally identifiable data is reviewed regularly.
All data transfers are made electronically using secure transfer mechanisms which use encrypted channels and may require password and/or PIN code submission. Physical transfer media such as CD, memory sticks etc. are not used to transfer personal data.
All external organisations or individuals receiving statistical data, at a level of detail at which there is risk to confidentiality of individuals, are placed under legal contracts which stipulate confidentiality requirements.
Data subjects are issued with notices which explain why data are being collected and how data will be used.
Statistical disclosure control
Jisc operates a strategy for official statistics products which is designed to prevent the disclosure of personal information about any individual.
Details of this strategy can be found at Rounding and suppression to anonymise statistics.