Statistics and Registration Service Bill

The amendment would require that anyone disclosing personal information through the exceptions to the confidentiality clause should seek consent from the board before doing so. The amendment would constrain the exceptions that allow disclosure of personal information. There are cases where requiring the consent of the board would be unnecessary. For example, where the information had already been lawfully made public, or where the consent of the individual had already been given, someone disclosing information through the exceptions to the confidentiality clause should not need to gain the explicit consent of the board. Requiring that people gain additional further consent from the board in those cases would only add a significant and unnecessary bureaucratic hurdle. For example, it would require statisticians in other departments to go back to the board to gain consent to publish information that they had received from the board, even when the board had already lawfully put the personal information in the public domain in one of its publications. Where the board did consider it necessary to give consent to information being published through one of the exceptions to the confidentiality clause, it could effect that through a formal agreement with the person to whom it gives the information in the first place. That would allow the board to insist on consent on those occasions when it was really required, rather than for all disclosures. There may also be instances where such a requirement as given in the amendment might place individuals under contradictory legal obligations; for example, it may be that a court order compels others who have received information from the board to release it. In that case, if the board did not give its consent to the data being disclosed under the court order, the person could be under conflicting legal requirements. Similarly, if an enactment required that information be disclosed, but the board refused consent, that person would again be under conflicting legal requirements. Noble Lords will surely understand that we do not wish to risk placing someone in such a position. The noble Baroness, Lady Noakes, asked what the operational controls were. The ONS has a wide range of security protocols and mechanisms, including declarations on confidentiality. Everyone working there signs a declaration on maintaining the confidentiality of statistical records. On physical security, all staff working in the organisation must have a pass and there is no public access to any part of the organisation where statistical data may be held. There is technical security and the ONS maintains a government-secure intranet; all transmission of personal data is conducted within the GSI network, on encrypted e-mail or password-protected CDs. On organisational security, the ONS uses a combination of survey project managers and data management teams to protect and maintain data. On disclosure of security, the ONS uses a combination of data manipulation and/or statistical disclosure techniques to meet its confidentiality guarantee, which prevents individuals being identified from aggregate data. These techniques are reviewed every five years to test their adequacy. We fully expect the board to have similar operational controls in place. The ONS has contracts for advice on statistical methodologies from the academic sector. The University of Southampton won such a contract, tendered in 1999, which provides valuable expertise, including advice on sample design and estimation methodology, as well as providing quality assurance for the ONS’s work. In the past six years, the contract has proved beneficial to both parties and the ONS has gained assistance in the development of new methods, underpinning a wide range of outputs, including those relating to quality assessments of its products and the protection of confidentiality. I hope that my description of that framework will enable the noble Earl, Lord Northesk, to withdraw his amendment.