Guidance

SLC Statistics: Statement on data confidentiality

Updated 28 November 2024

This page was last updated/reviewed on 28 November 2024.

1. Introduction

The framework for the UK Statistics Authority’s (UKSA) Code of Practice is based on three pillars – Trustworthiness, Quality and Value.

Under the Trustworthiness pillar, Principle T6, regarding Data Governance, states:

T6.1 – “All statutory obligations governing the collection of data, confidentiality, data sharing, data linking, and release should be followed. Relevant nationally- and internationally endorsed guidelines should be considered as appropriate. Transparent data management arrangements should be established, and relevant data ethics standards met.”

T6.2 – “The rights of data subjects must be considered and managed at all times, in ways that are consistent with data protection legislation. When collecting data for statistical purposes, those providing their information should be informed in a clear and open way about how that information will be used and protected.”

T6.3 - “Organisations, and those acting on their behalf, should apply best practice in the management of data and data services, including collection, storage, transmission, access, and analysis. Personal information should be kept safe and secure, applying relevant security standards and keeping pace with changing circumstances such as advances in technology.”

T6.4 – “Organisations should be transparent and accountable about the procedures used to protect personal data when preparing the statistics and data including the choices made in balancing competing interests. Appropriate disclosure control methods should be applied before releasing statistics and data. Appropriate protocols should be applied to approved researchers accessing statistical microdata.”

T6.5 – “Regular reviews should be conducted across the organisation, to ensure that data management and sharing arrangements are appropriately robust.”

The SLC Official Statistics team complies with all of these principles.

2. SLC Security & Information Assurance

The SLC has a Corporate Security Policy which sets out the principles of:

  1. Governance and Information Risk Management;
  2. The appropriate and cost effective securing of SLC assets;
  3. The preservation of confidentiality and integrity of service and information used to deliver student finance services to stakeholders;
  4. Physical security controls;
  5. Personnel security controls; and
  6. Service recovery.

The SLC Official Statistics team is bound by and complies with all these corporate principles.

3. SLC Official Statistics data confidentiality arrangements

The data used by SLC for the compilation of Official Statistics is all taken from administrative systems. None of it is obtained via surveys.

Business Intelligence Analysts who have access to the administrative data for internal reporting functions also have access to produce anonymised summary data aggregated according to the different categories required for the Official Statistics. They extract the summary data into a secure area within the SLC network from where the Official Statistics team pick up the data and analyse it for use in the Official Statistics. No personally identifiable information (PII) data is exposed via this process.

There are cases where data at an individual level may need to be extracted into the secure area:

  1. To check cases that have “Unknown” values to decide where they should be categorised;
  2. To analyse all the individual cases using a statistical package to check that the statistical function being used (e.g. average) is statistically robust;
  3. To join data from two different administrative systems where a required category is in one system but not the other. In all cases this individual data is held in the secure area only and only reference numbers are used – not personal identifiers. Only the summary data is used in the Official Statistics publication itself.