The mandate and role of official statistics is defined in the UN Fundamental Principles of Official Statistics and in the European Statistics Code of Practice. Both the UN Principles and the European Code identify the role of official statistics in a modern democracy as an impartial and accurate source of the information needed for decision-making.
The UN Principles and the European Code both recognise that the following are essential for the compilation of official statistics:
Statistical results are published in aggregate form and enable governments and citizens to make informed choices.
Mandate and functions
The Central Statistics Office (CSO) is established by Section 8(1) of the Statistics Act, 1993. Section 10(1) of the Act specifies the functions of the CSO as follows:
“The functions of the Office shall be the collection, compilation, extraction and dissemination for statistical purposes of information relating to economic, social and general activities and conditions in the State.”
Statistical purposes
In exercising its functions, the CSO obtains information from a wide range of sources. Under the Statistics Act, the CSO’s mandate and the restrictions on use of information (Sections 10(1) and 32 of the Act) make it clear that the information collected by the CSO is used solely for statistical purposes. It may not be used for any other purpose.
Statistical work programme
The CSO publishes a Statistical Work Programme on its website, which contains the list of statistical outputs and projects conducted by the Office. This gives practical meaning to the functions described in Section 10(1):
Independence
The Director General of the CSO has sole responsibility for and is independent in relation to the statistical methodology and professional statistical standards applied by the CSO, and the contents of statistical releases and publications, under Section 13 of the Act.
Confidentiality and use of information for statistical purposes
Information obtained under the Statistics Act is strictly confidential, under Section 33 of the Statistics Act, 1993. It may only be accessed by Officers of Statistics, who are required to sign a Declaration of Secrecy under Section 21.
The CSO only publishes aggregate statistical data; statistical tables and results may not, and do not, disclose details relating to any identifiable person or business.
The full suite of legal protections accorded to data providers is set out in Part V of the Statistics Act, 1993.
Co-ordination
Under Section 10(2) of the Statistics Act, 1993 the CSO has the authority to co-ordinate official statistics compiled by public authorities to ensure, in particular, adherence to statistical standards and the use of appropriate classifications. Under Section 10(3) the CSO has the authority to assess the statistical potential of the records maintained by public authorities and, in conjunction with them, to ensure that the statistical potential is realised.
Under Section 31 of the Act, the Director General of the CSO may request any public authority to consult and co-operate with him for the purpose of assessing the potential of the records of the authority as a source of statistical information and, where appropriate and practicable, developing its recording methods and systems for statistical purposes. Public authorities must comply with such a request and must also consult the CSO if they propose to introduce, revise or extend their information systems or plan to conduct a statistical survey.
The CSO collects data under Sections 24, 26 and 30 of the Statistics Act, 1993:
Traditionally, most of the statistics compiled by the CSO have been based on surveys and censuses – i.e. on information collected under Sections 24 and 26 of the Statistics Act. However, the CSO is making increasing use of administrative records to reduce costs, to reduce the imposition of surveys on data providers, and to produce new statistical analysis and outputs.
This increasing use of administrative sources for statistical purposes is founded on the powers of access under Section 30 of the Statistics Act and the provisions for co-ordination in Sections 10(2), 10(3) and 31.
The shift from survey collection to greater use of existing data sources is not unique to Ireland. This is reflected in EU legislation on official statistics: In 2015, the basic EU regulation on European Statistics was amended to enable greater access to administrative data sources for statistical purposes (Article 17a of Regulation 223/2009 as amended by Regulation 2015/759).
Worldwide, official statisticians are making increasing use of administrative data and “big data”. In some EU Member States (e.g. the Nordic countries, the Netherlands) the national statistical system relies almost exclusively on administrative data sources. In these states, data protection law derives from the same EU data protection requirements, i.e. the General Data Protection Regulation (GDPR).
The principles relating to the processing of personal data in the GDPR recognise the secondary use of data for statistical purposes:
Article 5.1.b. : “further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’)".
Section 6 of this note gives further details of the safeguards applied by the CSO in relation to all data collected for statistical processing, including data from administrative sources.
Statistical results are aggregates: tables of statistics do not disclose identifiable information about any individual and they cannot be used “in support of measures or decisions regarding any particular individual”.
Data protection law places an emphasis on lawful processing and appropriate security. These requirements apply equally to statistical processing of personal data.
The use of information for statistical purposes only, as required by Section 32 of the Statistics Act, reflects the collected for specified explicit and legitimate purposes requirement of the GDPR. The information is only used for the purpose for which it was obtained, i.e. the processing of statistics.
The GDPR recognises the special position of National Statistical Authorities. Recital 163 states:
“The confidential information which the Union and national statistical authorities collect for the production of official European and official national statistics should be protected. European statistics should be developed, produced and disseminated in accordance with the statistical principles as set out in Article 338(2) TFEU, while national statistics should also comply with Member State law. Regulation (EC) No 223/2009 of the European Parliament and of the Council (2) provides further specifications on statistical confidentiality for European statistics.”
The CSO adheres fully to this code of confidentiality.
Under the GDPR (Article 5) data must be processed
The GDPR recognises the use of data for statistical purposes where appropriate safeguards are in place and includes the following specific provisions relating to statistics:
At the heart of data protection is the protection of fundamental rights and freedoms of data subjects – i.e. rights of individual persons. In every step of processing data for statistical purposes, the CSO aims to uphold these rights.
In particular, this means the following:
Confidentiality is a core value of the CSO. The Office places a very high value on its obligation to respect statistical confidentiality and has put an extensive system of safeguards in place to protect the data which the Office receives.
Legal: All information obtained by the CSO under the Statistics Act is strictly confidential and may only be used for statistical purposes. This is specified in Sections 32 and 33 of the Act; any breach of those sections is an offence subject to significant penalties.
Personnel: All staff of the CSO are Officers of Statistics under the Statistics Act 1993 and have signed a Declaration of Secrecy under the Act. The data provided to the CSO may only be processed by Officers of Statistics and only for statistical purposes. All staff must attend regular training on statistical confidentiality and data security, including mandatory refresher courses.
Governance: The CSO’s governance structure for data protection comprises: the Confidentiality and Data Security Committee (CDSC) which reports to the Management Board; the Data Protection Officer at Assistant-Director level who oversees compliance with statistical confidentiality and data protection requirements; and the Data Office which provides support in relation to policies, awareness, training and compliance.
Data Office: The CSO’s Data Office has the pivotal role of managing policies in relation to data protection and statistical confidentiality, promoting awareness, providing training, and assuring compliance. The Data Office provides advice to CSO statistical areas on all issues related to data protection and statistical confidentiality.
Policies: The CSO has a comprehensive suite of policies in relation to roles, responsibilities and corporate rules in relation to statistical confidentiality, data security and data protection. These policies are consolidated into a single Data Management Policy, which is a central reference point for all statistical processing.
Data Classification Scheme: This is a corporate confidentiality classification system that allocates a confidentiality level (A to D) to all data held by the CSO. Detailed management rules and procedures are assigned depending on the level given. Statistical micro-data has the highest level of security (A) and the strictest rules and procedures with regard to processing of the data.
Access to statistical data: All access to statistical data is restricted and limited to relevant staff that have a legitimate business reason for that access. This access is monitored on an ongoing basis.
Access limitations: Staff access to CSO buildings is controlled electronically. Visitors to the CSO must be signed in and accompanied at all times.
IT Security: Staff access to IT systems is password-controlled. Staff only have access to the data or systems relevant to their work and these access rights are regularly reviewed. The IT systems and hardware are thoroughly protected by firewall and anti-virus security. No external access is allowed.
Tables and publications: The CSO implements thorough Statistical Disclosure Control procedures to ensure that the tables and reports it publishes do not identify any individual or business.
Administrative Data Centre: Administrative data received by the CSO is transmitted via a secure IT link to the CSO’s Administrative Data Centre (ADC). In the ADC, identifying details such as name, address, date of birth, PPSN are then pseudonymised by Statisticians who work in this area. All data received by the CSO is used exclusively for statistical analysis.
Data Lifecycle: When survey forms or other data records are no longer required for statistical purposes, they are securely destroyed. The only identifiable records retained by the CSO are Census of Population forms – under Section 35 of the Statistics Act, these become public records after 100 years. All other forms are securely destroyed.
Data Linkage: All statistical projects that involve linkage between administrative data sources are subject to the CSO’s Data Linkage Policy and must meet a Privacy Impact Assessment. The CSO publishes a register of all projects in which it links administrative data.
Formal Assessment Processes: The CSO undertakes a Data Necessity and Proportionality Assessment for each source of personal data used in the production of statistics. In addition, the CSO undertakes a Privacy Risk Assessment for each stage of statistical collection and processing of personal data, using the UN GSBPM as a standard template. The aim of these two assessment processes is to identify risks at each stage and make sure that confidentiality and data protection are respected and well-managed at every stage of collecting and producing statistics.
For further information or assistance on matters relating to Official Statistics and Data Protection Legislation within the CSO contact:
Data Office, Central Statistics Office, Skehard Road, Cork, T12 X00E. Tel +353 (21) 453 5386