Statistics Iceland's Rules of Procedure for Treating Confidential Data
Statistics Iceland's Rules of Procedure for Treating Confidential Data
Art. 1 Confidential data – public data
Art. 2 Statistical data
Art. 3 Confidentiality obligations of the staff
Art. 4 Preserving confidential statistical data on paper
Art. 5 Preserving confidential electronic data
Art. 6 Staff access to computerized confidential data which is for statistics
Art. 7 Utilising confidential data for research
Art. 8 Monitoring the preservation and destruction of confidential data
Art. 9 The bases for these Rules
Art. 10 Entry into force
Confidential data – public data
In these Rules of Procedure, the terms confidential data, confidential information and confidential matters refer to data, information and requests which Statistics Iceland and its employees are to keep secret. Data or information of this sort may not be passed on to third parties, neither verbally, in writing nor electronically, and regardless of whether public or private parties are involved, cf. however Article 2.
Public data or information refers to items which there is no requirement to keep secret and which may be published according to laws, rules or tradition.
The term administrative registers refers to registers or data banks which are maintained by government authorities for their operations, which regard specified natural or legal entities, and which might be used for statistical purposes. The data in such registers may be either confidential data or public data.
The term administrative records refers to information which is compiled due to the needs of public administration but which might also be used for statistics.
All information which is gathered by Statistics Iceland for statistical purposes and which concerns specified natural or legal entities must be kept confidential. The same applies to information on natural and legal entities in the administrative registers which Statistics Iceland uses for statistical purposes. In the case of administrative registers and records, however, Statistics Iceland is authorised to provide the respective government authority with confidential information from the data that this authority has previously taken part in collecting or has provided to Statistics Iceland.
When publishing and disseminating statistics, care must be taken that information cannot be traced to specific natural or legal entities. Exceptions may be made to this when the respective natural/legal entity has consented to this sort of publication or in the case of administrative records or information which does not have to be kept confidential.
Confidentiality obligations of the staff
Statistics Iceland employees are required to maintain confidentiality and show the utmost discretion concerning any confidential data, confidential information or confidential matters which they become aware of in their jobs and which should remain confidential. Furthermore, employees shall treat all other information about individuals and legal entities with caution and respect, even in the case of public information.
Confidentiality on the job is especially covered by the provisions of Article 18 of the Government Employees Act, No. 70/1996, which reads as follows:
“Each employee is obliged to observe confidentiality in regard to matters of which he gains knowledge in his work and shall be regarded as confidential according to law, the instructions of superiors or by the nature of the matter. The obligation of confidentiality remains even if the employee concerned leaves his employ.”
When employees are hired at Statistics Iceland, they are to be informed of the rules and duties pertaining to confidential information and its treatment. Employees shall also be informed of the United Nations' Fundamental Principles of Official Statistics, the European Statistics Code of Practice as well as the Act on the Protection of Privacy regarding the Processing of Personal Data. Every employee shall sign a pledge of confidentiality before commencing work. This applies to all staff, whether permanent or temporary, including those who work on surveys, regardless of whether it is for longer or shorter periods, regularly or irregularly. The pledge of confidentiality is part of the job contract, and upon the employee's signing the contract, her/his attention shall be called in particular to this pledge.
Preserving confidential statistical data on paper
Confidential statistical data on paper shall be kept secure during processing, but destroyed once utilisation is complete. Department Heads, in consultation with the Division Directors, shall decide how long such data are to be preserved after the completion of recording, processing and publishing. Normally, these data shall not be kept for a longer period than can be assumed sufficient for possible errors or uncertainties to come to light which require the availability of the original data. Data shall be preserved in specific, marked boxes in locked storage, with it noted on the boxes when the data are to be destroyed.
The confidential data mentioned in the present Article are intended only for producing statistics and are collected on the presumption that they will be destroyed after utilisation. Thus, such information does not fall under legal provisions on the requirements of submission to the National Archives and in general shall not be submitted for preservation there.
Preserving confidential electronic data
Electronically recorded confidential statistical data shall be kept in a secure manner so long as processing lasts, but once utilisation is complete they shall either be destroyed or the personal identities in them be obliterated or encrypted. This type of data is allowed to retain the identities of the respective natural or legal entities as long as the survey and processing continue and for a limited time after publication of the statistical reports for which the data were utilized. Department Heads, in consultation with the Division Directors, shall decide whether there is reason to preserve such data after processing and publishing are finished, and if so, how long such data are to be preserved. Normally, the electronic data shall not be kept for a longer period than can be assumed sufficient for possible errors or uncertainties to come to light which require the availability of the original data.
When there is considered reason to preserve electronically recorded confidential data over a long period for further research inside or outside Statistics Iceland, the personal identities in them shall be obliterated or encrypted. Should the data be independent, so that no reason can be foreseen to link them with other data at a later stage or should that be considered undesirable, the personal identities in the data shall be obliterated once and for all. On the other hand, if it is considered desirable to preserve the potential for linkages at a later stage, the personal identities in the data shall be encrypted by a recognised method, according to special rules thereon.
Staff access to computerized confidential data which is for statistics
Confidential electronic data which is for statistics shall be accessible only to those employees working with the data. The network administrator at Statistics Iceland shall control employee access to computer files, under supervision of the Director-General. Access shall be limited to the employee(s) needing it because of their work. The decision to grant an employee access to confidential data other than what the concerned person or that person's closest supervisor is directly responsible for, due for instance to research projects, linkage with other data, or software engineering, shall be made by the Director-General. This decision shall be in writing, signed by the Director-General and a Division Director and must indicate how long the authorisation is to remain valid.
Utilising confidential data for research
A. General statistical data
The Director-General may grant access to a data base containing confidential data on individuals and firms, which are not considered sensitive according to the Protection of Privacy Act, or authorise that the data base or parts thereof can be made available to third parties for research purposes, according to the provisions of this Article. The access to and the utilisation of such data shall be subject to the following preconditions:
1. That identities of individuals and firms have been obliterated or encrypted and measures been taken to the extent possible to prevent that data can be traced to identifiable individuals or firms.
2. That the research is to be conducted by a certified or trustworthy research agent as evaluated by the Confidentiality Committee according to Section C of the Article.
That the research agent has applied for access to a specified data set to be used for a specific research project, submitted a research plan and shown the relationship between the research and the data requirements.
B. Sensitive personal information
The Director-General may also grant access to a data base containing sensitive personal information as defined by the Protection of Privacy Act, subject to the following preconditions:
1. The research agent has been granted permission for such access by the Data Protection Authority and if applicable the National Bioethics Committee has recommended the research project.
2. The preconditions of Section A, clauses 2 and 3, are satisfied.
3. The research agent pledges to obliterate or return to Statistics Iceland all identifiable confidential data when the research project has been completed in order that no such data remain with the said agent.
C. Confidentiality Committee
Statistics Iceland shall operate an internal Confidentiality Committee composed of the Division Directors and chaired by the Deputy Director-General. The Committee shall review and decide on applications for access to and utilisation of confidential data and lay down which preconditions and restrictions such access or utilisation shall be made subject to in each case. The Committee shall consider in particular whether it is desirable or feasible that Statistics Iceland becomes a partner in a research project under consideration, whether the data requested should be deemed as sensitive according to Article 2 of the Protection of Privacy Act no. 77/2000, and whether permissions granted by the Data Protection Authority entail that identifiable data may be made available. The Confidentiality Committee shall function according to rules of procedure laid down by the Director-General; these shall be published on the Statistics Iceland website for guidance for prospective applicants for access to confidential data.
Monitoring the preservation and destruction of confidential data
The Division Directors and Department Heads of Statistics Iceland are responsible for preserving or, as applicable, destroying confidential data, cf. Articles 4 and 5 of these Rules of Procedure. They shall always consult with the Director-General about any matters of opinion which might arise. Every year, Division Directors shall investigate and report to the Director-General how confidential data are kept, what data are preserved and how, which data have been or will be destroyed, and when and how.
The bases for these Rules
These Rules of Procedure are established on the basis of and with regard to the following acts and rules:
1. Act on Statistics Iceland, No. 24/1913.
2. The United Nations' Fundamental Principles of Official Statistics.
3. The Code of Practice of Official Statistics as published by Announcement no. 578/2006 in the Official Gazette.
4. Council Regulation (EC) No 322/97 on Community Statistics.
5. Commission Regulation (EC) No 831/2002 implementing Council Regulation (EC) No 322/97 on Community Statistics, concerning access to confidential data for scientific purposes.
6. Commission Regulation (EC) No 1104/2006 amending Regulation (EC) No 831/2002 implementing Council Regulation (EC) No 322/97 on Community Statistics, concerning access to confidential data for scientific purposes.
7. The Information Act, No. 50/1996.
8. Government Employees Act, No. 70/1996.
9. Administrative Procedures Act, No. 37/1993.
10. Act on the Protection of Privacy as Regards the Processing of Personal Data, No. 77/2000.
Entry into force
These Rules of Procedure shall take effect immediately thereby replacing the previously published Rules of 8 October 2004.
Reykjavík, 29 December 2006