Research Confidentiality - Policy

Research Confidentiality

The Continuity Forum is committed to maintaining the confidentiality of all the data it receives, stores, processes and disseminates.

We are committed to protecting confidentiality to:

• Maintain the trust and co-operation of those who own and manage administrative data sources used by us and respondents to our surveys.
• Comply with the relevant legislation, including the Data Protection Act 1998.
• Comply with Principle 5 of the Code of Practice for Official Statistics, which states that: “Private information about individual persons (including bodies corporate) compiled in the production of official statistics is confidential, and should be used for statistical purposes only”.

Our arrangements for protecting confidentiality fall into three areas, as follows:

Personnel

All staff who work with data receive training on their responsibilities and the processes in place to protect data.  Secure Physical and Network areas are provided for staff who work with confidential data.  All staff have signed and are obligated under Non-Disclosure Agreements that specifically cite their responsibility to maintain good personal security including all forms of electronic activity when using any systems or devices. Our contracts extend to and include Social Media and related forms of communication.  

Policy and Awareness training are reviewed at least once a year, with a rapid response capability should new or novel threats emerge requiring immediate action. 

Data

Our arrangements for protecting information about individual persons and organisations include:

• We provide detailed data security operational guidance for our staff.
• Respondents to our data collection exercises receive privacy notices detailing what the data will be used for and our undertakings with respect to confidentiality.
• Raw data cannot be downloaded from our central systems over the Internet; 
• Raw data cannot be downloaded onto CDs, through USB ports, to laptops etc.

Statistical Disclosure Control

We identify three types of disclosure risk in relation to the data about individual persons or the statistics derived from the data:

• Identity: If a person or persons can be identified (by either the persons themselves or someone else) then there is an identity disclosure risk.
• Attribute: If confidential information about a person or group of persons is revealed and can be attributed to the person or each person in the group then there is an attribute disclosure risk.
• Residual: If outputs from the same source or different sources/databases can be combined to reveal information about a person or group of persons then there is a residual disclosure risk.

For each of our statistical and data releases, we will assess the risk of disclosure based on the following:

• Level of aggregation of the data;
• Number of tables produced from each dataset;
• Likelihood of an identification attempt;
• Size of the population;
• Consequences of disclosure;

To minimize the risk of disclosure and maximize the utility of the statistics in our statistical releases, we will use an appropriate combination of statistical disclosure control methodologies including: table design; rounding, primary suppression, and secondary suppression. We may use software for rounding and suppression purposes where feasible.

For more information on our polices and controls please contact us directly.