1. Policy statement

This data sharing policy sets out the principles, governance arrangements and safeguards that underpin the sharing of record-level personal information (as defined by Section 39 of the Statistics and Registration Services Act 2007).

Sharing of personal information outside the Office for National Statistics (ONS) should be considered as a viable solution to facilitate access to data only if:

  • the need cannot be met through publishing the data (for example, access must be at the record level)

  • provisioning through a Trusted Research Environment (TRE) is proven not appropriate

  • the proposed sharing is in accordance with all relevant legislation including the Statistics and Registration Service Act (SRSA) 2007

  • there is public benefit to share the data for statistical purposes

  • the confidentiality and privacy of individuals is adequately protected

Back to table of contents

2. Scope

This policy covers any sharing of record-level personal information by the Office for National Statistics (ONS) for statistical purposes to an external party.

Personal information means information which relates to and identifies (either alone, or together with other published information) a particular person (including a corporate body). This policy does not include the dissemination of statistics and statistical research outputs, or the dissemination of aggregated data.

In this policy we use "data sharing" to refer to the process of exporting data from the UK Statistics Authority and the ONS estate to another party in accordance with all relevant legislation.

The ONS is only permitted to disclose personal information where one of several listed exemptions in the legislation apply (see Section 7: Data sharing legislation), most notably for this policy, Section 39(c) of the SRSA 2007: 

[disclosure] is necessary for the purpose of enabling or assisting the board to exercise any of its functions. 

All ONS data shared with third parties, unless formally approved through the exception process, must not be processed, shared, or accessed from outside the UK. 

All employees of the UK Statistics Authority and the ONS, including contractors, must comply with this policy.  

Back to table of contents

3. Background

The Office for National Statistics (ONS) collects, acquires, matches and links a wide range of data sources to undertake statistical research and produce meaningful and engaging statistics. The data we hold are a valuable artefact for the UK.

The primary route for provisioning access to external analysts is through secure access to de-identified data in the ONS Secure Research Service (SRS). However, there are instances where it is right and beneficial to share data directly, including with the devolved governments, where permitted by legislation. 

The UK Statistics Authority and the ONS are signatories to the Concordat on Statistics. The Concordat is an agreed framework for co-operation between the UK government (including the UK Statistics Authority and the ONS) and devolved governments in relation to the production of statistics, for and within the UK, statistical standards and the statistics profession.

Back to table of contents

4. Policy detail

This policy ensures that effective, accountable and transparent arrangements are in place to manage the sharing of data with third parties. These arrangements are underpinned by well-established governance, with clear roles and responsibilities, and accountabilities.

All data which could be considered identifiable to either an individual, an organisation or a business will need oversight from the Data Protection Officer and the Office for National Statistics (ONS) Legal Services team, who are members of the ONS Onward Data Sharing Group before it can be shared. This is to ensure appropriate consideration is given to all relevant legislation and privacy concerns.

Where data are not considered to be identifiable, where they have been sufficiently processed to ensure they are aggregated or anonymised by disclosure control experts, subject to appropriate agreements where necessary, and in accordance with the Code of Practice for Statistics, the aim will be to publish the data unless restrictions apply.

Requesting an onward share

When requesting an onward share, the first step is to contact the Onward Sharing Service team with a written request, which needs to be sent to: onward.sharing.service@ons.gov.uk.

Within the written request, the requesting party is responsible for providing:

  • a clear justification for the data share, including why onward sharing is necessary

  • a detailed description of the data required, including variables, time periods and whether the sharing is one‑off or ongoing

  • the intended statistical use of the data

  • a public benefit statement outlining anticipated societal value

  • security and confidentiality assurances, including confirmation that no further onward sharing will occur

  • justification for why alternatives options such as anonymous data or use of the ONS SRS are insufficient

  • a Data Protection Impact Assessment (DPIA) where personal data are involved

  • if any information relating to the request is incomplete, the Onward Sharing Service team will work with the requester to refine the request

Assessment and approval

Requests are triaged and assessed by the ONS Onward Data Sharing Group, comprising representatives from:

  • information asset owner (or data owner once data governance roles are embedded)

  • data governance teams

  • data protection

  • security

  • legal services

  • ethics

  • ONS Communications team where applicable

The group assesses the legal gateways, risks, public benefits and alternatives, and advises on whether onward sharing is appropriate.

Strategic oversight rests with the Chief Data Officer, while accountability for specific data assets rests with the Information Asset Owner (or Data Owner once Data Governance Roles are embedded) and the ONS Data Governance Council. Agreement from third-party data owners is required where applicable.

External recipients and transparency

  • All onward sharing requires a Data Sharing Agreement (DSA).

  • External recipients must demonstrate appropriate governance, legal compliance, and security controls.

  • The ONS may seek assurance or audit compliance at any time.

The ONS will retain and maintain records including:

  • Data Sharing Agreements
  • Memoranda of Understanding
  • DPIAs
  • Ethical Self Assessments

The ONS is committed to transparency and will publish information on pre‑release access, subject to lawful exemptions.

External users of ONS data are expected to articulate public benefits delivered and are encouraged to share links to published outputs.

Exceptions

Any exception to this policy, including use of ONS data for administrative purposes, must be explicitly authorised by the Permanent Secretary.

No informal or implied exceptions are permitted.

Back to table of contents

5. Roles and responsibilities

Individuals who have a role in this policy

ONS staff engaged in data sharing 

Responsible for:

  • complying with the data sharing policy 

  • following best practice when sharing data 

  • liaising with requesting bodies and assess the information provided by the latter in their business cases (first screening) 

  • providing unbiased scrutiny to data sharing business cases 

  • producing and disseminating regular and ad hoc reports on the data shares 

  • reporting any risks and incidents related to the sharing of data

Accountable to: Permanent Secretary

Information Asset Owner

Responsible for:

  • an information or data asset, including the sharing of this asset 

  • updating the ONS Information and Data Asset Register and ensuring its accuracy

  • referring all onward share requests through to the Onward Sharing Service to review and triage

  • provide the Onward Sharing Service with all the necessary information about the data asset to be able to make an informed recommendation

  • to be able to make a decision to proceed with the onward share based on the OSDG’s decision or to escalate via the Data Governance Council if required

Accountable to: Data Governance Council

Onward Data Sharing Group

Responsible for:

  • providing unbiased scrutiny to data sharing artefacts (for example, business cases and Data Sharing Agreements) (second screening) 

  • reaching informed decisions on data shares that advise the Information Asset Owner, or escalate to the Data Governance Council and/or the Permanent Secretary when required 

  • ensuring that a sufficient amount of information, of high quality and within specific timeframes, is provided for the transparency registers 

  • ensuring the ONS staff are aware of the data sharing policy and guidance 

Accountable to: Chief Data Officer

Chief Data Officer

Responsible for:

  • ensuring that all staff involved in data sharing comply with the data sharing policy through monitoring and reviewing how this policy is implemented 

  • ensuring systems and metrics are in place to monitor data shares across the ONS data estate  

  • approving complex data shares as and when required 

  • escalating any risks and incidents related to the sharing of data

Accountable to: Strategic Design Committee

ONS Legal and Data Services

Responsible for:

  • providing legal advice and scrutiny to all data shares 

  • providing independent scrutiny and assurance against the policy 

  • providing independent scrutiny of ethical self-assessments 

  • ensuring that data sharing activities remain transparent 

  • collating and quality assuring information for the transparency registers (third screening) 

  • set out, monitor and assess the requirements for the transparency register

Accountable to: Data Protection Officer

Data Protection Officer

The Data Protection Officer is responsible for providing advice and scrutiny to Data Protection Impact Assessments when personal data are involved.

Accountable to: Head of Legal and Data Services

ONS Communications and Digital Publishing 

The ONS Communications and Digital Publishing team are responsible for reviewing the suitability and accessibility of the information published on transparency registers and assist in the publication of the transparency registers.

Accountable to: Head of Communications and Digital Publishing

Security and Information Management Team (SaIM) 

Responsible for:

  • the oversight of all data management activities 

  • providing oversight on the sensitivity of the data, transfer and protection mechanisms

Accountable to: Chief Security Officer

     
Back to table of contents

7. Data sharing legislation

All personal information held by the Office for National Statistics (ONS) is legally protected, and unlawful disclosures are subject to a maximum criminal penalty of two years imprisonment. In some instances, legislation does permit the limited sharing of personal information, usually to limited recipients, for specific statistical purposes and subject to further safeguards. The following legislation sets out some of the ways in which information may be shared.

Section 39 Statistics and Registration Service Act 2007

Section 64 of the Digital Economy Act 2017

Section 42 of the Statistics and Registration Service Act 2007

Section 53A of the Statistics and Registration Service Act 2007

Section 9 of the Statistics of Trade Act

Back to table of contents