Statistics and Registration Service Act 2007 (SRSA)
Census data confidentiality is protected by the Statistics and Registration Service Act 2007 (SRSA).
The SRSA transferred the census, and other statistical functions, to the UK Statistics Authority (referred to in the Act as the ‘Statistics Board’). Previously the census was the responsibility of the Registrar General for England and Wales.
The confidentiality provisions in the SRSA, and the duty on the UK Statistics Authority to maintain confidentiality in the census in England and Wales, have replaced the confidentiality provisions of the 1920 Census Act as amended by the Census (Confidentiality) Act 1991.
Section 39 of the SRSA prohibits the disclosure of personal information with a penalty of imprisonment for a maximum of two years, a fine, or both.
Section 40 states that where personal information is held by or on behalf of the UK Statistics Authority, it is exempt from any disclosure sought under the Freedom of Information Act.
Data Protection Act
The Act specifies that, where personal data are processed on behalf of ONS, ONS (the 'data controller') is responsible for ensuring that the contractor (the 'data processor') processes them in accordance with the data protection principles. This means that ONS must provide the contractor with adequate instructions to ensure that this happens.