The Forestry Commission has arrangements in place to:
- protect the security of our data holdings and uphold our guarantee that no statistics will be produced that are likely to identify an individual unless specifically agreed with them;
while at the same time
- obtain maximum value from these micro-data, once obtained, by extending access to bona-fide and authorised third parties.
Arrangements for maintaining the confidentiality of statistical data
It is Forestry Commission information security policy that all our key systems are compliant with appropriate standards. This includes BS7799.
All staff working in the Forestry Commission and all visitors to its sites require a pass to access the premises. There is no unsupervised public access to any part of the organisation where confidential statistical data may be held.
We maintain a Government Secure Intranet (GSI) network. No sensitive statistical data are held on laptops or any other portable devices or kept on unprotected portable storage media. All transmission of micro-data is conducted within the GSI network or on encrypted e-mail or password protected CDs.
We use a combination of survey project managers, data custodians, and data management teams to protect and maintain our data.
The Forestry Commission complies with the provisions of the Data Protection Act. We use a combination of data manipulation and/or statistical disclosure techniques to meet the confidentiality guarantee. These are reviewed every five years for adequacy.
For more details on how we ensure that survey data provided to us is treated in confidence, see our paper on Statistical Disclosure Control for Forestry Commission Surveys.
Arrangements for providing controlled access to micro-data
We may provide micro-data to bona fide researchers in the academic sector and to consultants undertaking research commissioned by government. Data may be released under arrangements described in a Service Level Agreement, a Concordat, contracts, and confidentiality declarations. In every case, release must be approved by the Head of Profession (HoP). The HoP’s approval gives the business area the authority to release the data. The HoP also maintains the definitive documentation of all access to data held by the organisation.
Recording the details of access authorisations
General information about the release of micro-data is available. Full details of any authorised access are available on request from the Lead Official for Statistics.
Auditing of beneficiaries of access
All beneficiaries of access are required to agree to audits of organisational, technical and physical security. The standards must be those to which the beneficiary agreed in the data access agreement.