1. Policy statement
This data sharing policy sets out the principles, governance arrangements and safeguards that underpin the sharing of record-level personal information (as defined by Section 39 of the Statistics and Registration Services Act 2007).
Sharing of personal information outside the Office for National Statistics (ONS) should be considered as a viable solution to facilitate access to data only if:
the need cannot be met through publishing the data (for example, access must be at the record level)
provisioning through a Trusted Research Environment (TRE) is proven not appropriate
the proposed sharing is in accordance with all relevant legislation including the Statistics and Registration Service Act (SRSA) 2007
there is public benefit to share the data for statistical purposes
the confidentiality and privacy of individuals is adequately protected
2. Scope
This policy covers any sharing of record-level personal information by the Office for National Statistics (ONS) for statistical purposes to an external party.
Personal information means information which relates to and identifies (either alone, or together with other published information) a particular person (including a corporate body). This policy does not include the dissemination of statistics and statistical research outputs, or the dissemination of aggregated data.
In this policy we use "data sharing" to refer to the process of exporting data from the UK Statistics Authority and the ONS estate to another party in accordance with all relevant legislation.
The ONS is only permitted to disclose personal information where one of several listed exemptions in the legislation apply (see Section 7: Data sharing legislation), most notably for this policy, Section 39(c) of the SRSA 2007:
[disclosure] is necessary for the purpose of enabling or assisting the board to exercise any of its functions.
All ONS data shared with third parties, unless formally approved through the exception process, must not be processed, shared, or accessed from outside the UK.
All employees of the UK Statistics Authority and the ONS, including contractors, must comply with this policy.
Back to table of contents
3. Background
The Office for National Statistics (ONS) collects, acquires, matches and links a wide range of data sources to undertake statistical research and produce meaningful and engaging statistics. The data we hold are a valuable artefact for the UK.
The primary route for provisioning access to external analysts is through secure access to de-identified data in the ONS Secure Research Service (SRS). However, there are instances where it is right and beneficial to share data directly, including with the devolved governments, where permitted by legislation.
The UK Statistics Authority and the ONS are signatories to the Concordat on Statistics. The Concordat is an agreed framework for co-operation between the UK government (including the UK Statistics Authority and the ONS) and devolved governments in relation to the production of statistics, for and within the UK, statistical standards and the statistics profession.
Back to table of contents4. Policy detail
This policy ensures that effective, accountable and transparent arrangements are in place to manage the sharing of data with third parties. These arrangements are underpinned by well-established governance, with clear roles and responsibilities, and accountabilities.
All data which could be considered identifiable to either an individual, an organisation or a business will need oversight from the Data Protection Officer and the Office for National Statistics (ONS) Legal Services team, who are members of the ONS Onward Data Sharing Group before it can be shared. This is to ensure appropriate consideration is given to all relevant legislation and privacy concerns.
Where data are not considered to be identifiable, where they have been sufficiently processed to ensure they are aggregated or anonymised by disclosure control experts, subject to appropriate agreements where necessary, and in accordance with the Code of Practice for Statistics, the aim will be to publish the data unless restrictions apply.
Requesting an onward share
When requesting an onward share, the first step is to contact the Onward Sharing Service team with a written request, which needs to be sent to: onward.sharing.service@ons.gov.uk.
Within the written request, the requesting party is responsible for providing:
a clear justification for the data share, including why onward sharing is necessary
a detailed description of the data required, including variables, time periods and whether the sharing is one‑off or ongoing
the intended statistical use of the data
a public benefit statement outlining anticipated societal value
security and confidentiality assurances, including confirmation that no further onward sharing will occur
justification for why alternatives options such as anonymous data or use of the ONS SRS are insufficient
a Data Protection Impact Assessment (DPIA) where personal data are involved
if any information relating to the request is incomplete, the Onward Sharing Service team will work with the requester to refine the request
Assessment and approval
Requests are triaged and assessed by the ONS Onward Data Sharing Group, comprising representatives from:
information asset owner (or data owner once data governance roles are embedded)
data governance teams
data protection
security
legal services
ethics
ONS Communications team where applicable
The group assesses the legal gateways, risks, public benefits and alternatives, and advises on whether onward sharing is appropriate.
Strategic oversight rests with the Chief Data Officer, while accountability for specific data assets rests with the Information Asset Owner (or Data Owner once Data Governance Roles are embedded) and the ONS Data Governance Council. Agreement from third-party data owners is required where applicable.
External recipients and transparency
All onward sharing requires a Data Sharing Agreement (DSA).
External recipients must demonstrate appropriate governance, legal compliance, and security controls.
The ONS may seek assurance or audit compliance at any time.
The ONS will retain and maintain records including:
- Data Sharing Agreements
- Memoranda of Understanding
- DPIAs
- Ethical Self Assessments
The ONS is committed to transparency and will publish information on pre‑release access, subject to lawful exemptions.
External users of ONS data are expected to articulate public benefits delivered and are encouraged to share links to published outputs.
Exceptions
Any exception to this policy, including use of ONS data for administrative purposes, must be explicitly authorised by the Permanent Secretary.
No informal or implied exceptions are permitted.
Back to table of contents5. Roles and responsibilities
Individuals who have a role in this policy
ONS staff engaged in data sharing
Responsible for:
complying with the data sharing policy
following best practice when sharing data
liaising with requesting bodies and assess the information provided by the latter in their business cases (first screening)
providing unbiased scrutiny to data sharing business cases
producing and disseminating regular and ad hoc reports on the data shares
reporting any risks and incidents related to the sharing of data
Accountable to: Permanent Secretary
Information Asset Owner
Responsible for:
an information or data asset, including the sharing of this asset
updating the ONS Information and Data Asset Register and ensuring its accuracy
referring all onward share requests through to the Onward Sharing Service to review and triage
provide the Onward Sharing Service with all the necessary information about the data asset to be able to make an informed recommendation
to be able to make a decision to proceed with the onward share based on the OSDG’s decision or to escalate via the Data Governance Council if required
Accountable to: Data Governance Council
Onward Data Sharing Group
Responsible for:
providing unbiased scrutiny to data sharing artefacts (for example, business cases and Data Sharing Agreements) (second screening)
reaching informed decisions on data shares that advise the Information Asset Owner, or escalate to the Data Governance Council and/or the Permanent Secretary when required
ensuring that a sufficient amount of information, of high quality and within specific timeframes, is provided for the transparency registers
ensuring the ONS staff are aware of the data sharing policy and guidance
Accountable to: Chief Data Officer
Chief Data Officer
Responsible for:
ensuring that all staff involved in data sharing comply with the data sharing policy through monitoring and reviewing how this policy is implemented
ensuring systems and metrics are in place to monitor data shares across the ONS data estate
approving complex data shares as and when required
escalating any risks and incidents related to the sharing of data
Accountable to: Strategic Design Committee
ONS Legal and Data Services
Responsible for:
providing legal advice and scrutiny to all data shares
providing independent scrutiny and assurance against the policy
providing independent scrutiny of ethical self-assessments
ensuring that data sharing activities remain transparent
collating and quality assuring information for the transparency registers (third screening)
set out, monitor and assess the requirements for the transparency register
Accountable to: Data Protection Officer
Data Protection Officer
The Data Protection Officer is responsible for providing advice and scrutiny to Data Protection Impact Assessments when personal data are involved.
Accountable to: Head of Legal and Data Services
ONS Communications and Digital Publishing
The ONS Communications and Digital Publishing team are responsible for reviewing the suitability and accessibility of the information published on transparency registers and assist in the publication of the transparency registers.
Accountable to: Head of Communications and Digital Publishing
Security and Information Management Team (SaIM)
Responsible for:
the oversight of all data management activities
providing oversight on the sensitivity of the data, transfer and protection mechanisms
Accountable to: Chief Security Officer
Back to table of contents
6. Supporting documents
7. Data sharing legislation
All personal information held by the Office for National Statistics (ONS) is legally protected, and unlawful disclosures are subject to a maximum criminal penalty of two years imprisonment. In some instances, legislation does permit the limited sharing of personal information, usually to limited recipients, for specific statistical purposes and subject to further safeguards. The following legislation sets out some of the ways in which information may be shared.
Section 39 Statistics and Registration Service Act 2007
Section 64 of the Digital Economy Act 2017
Section 42 of the Statistics and Registration Service Act 2007
Section 53A of the Statistics and Registration Service Act 2007
Section 9 of the Statistics of Trade Act
Back to table of contents