National Statistics Office - Malta
Confidentiality of Personal and Commercial Data
The National Statistics Office (NSO) holds and processes various data that are confidential because they are either personal or commercially sensitive. The Malta Statistics Authority Act XXIV of 2000 provides for the rigorous protection of personal and commercial data.
(1) Section 17 of the Act stipulates that:
"Every person appointed as an officer of statistics shall, before assuming such duties, subscribe to the oath contained in the Second Schedule".
(2) Section 40 of the Act states that:
"All information furnished by any person, undertaking or public authority under this Act shall be used only for the purpose of statistical compilation and analysis."
(3) Section 41 of the Act provides that:
(1) No information obtained in any way under this Act which can be related to an identifiable person or undertaking shall, except with the written consent of that person or undertaking or the personal representative of next-of-kin of that person, if he be deceased, be disseminated, shown or communicated to any person or body except-
(a) for the purposes of a prosecution for an offence under this Act, or
(b) to officers of statistics in the course of their duties under this Act
(2) The Minister may, with the concurrence of the Authority, by regulations, from time to time, prescribe such further prohibition on the disclosure of identifiable records or information obtained under this Act, as he may deem appropriate.
(4) Then section 44 of the Act, inter alia, provides that:
"Without prejudice to any other liability under any other law, any person who -
(b) misuses information provided under this Act or willfully discloses information relating to any identifiable person or undertaking;
shall be guilty of an offence and shall be liable, on conviction, to a fine (multa) of not less than one thousand liri, or to an imprisonment for a term not exceeding six months or to both such fine and imprisonment.
(5) In addition to the above, section 45 of the Act further provides for the following:
Without prejudice to any other liability under any other law, any officer of statistics who -
(a) acts in contravention of the oath referred to in article 17; or
(b) in the pretended performance of his functions as such officer, obtains or attempts to obtain, from a person or undertaking, any information which he is not lawfully entitled to obtain from that person or undertaking; or
(c) willfully fails to return to the Office a document or record collected from a person or undertaking under this Act, or fails to keep any document or record containing information, collected under this Act, in his custody in such manner as to ensure that unauthorized persons will not have access thereto,
shall be guilty of an offence, on conviction, be liable to a fine (multa) not exceeding one thousand liri or to imprisonment for a term not exceeding one year, or to both such fine and imprisonment".
(6) Specific measures are taken to adhere to the provisions of the Statistics Act and to preserve the confidentiality and security of data:
- All NSO staff members are required to undertake a confidentiality oath or sign a confidentiality declaration upon starting their assignment with the office.
- Each set of confidential data is controlled by the Heads of the statistical units who are responsible for protecting confidentiality.
- Access to confidential data must be authorised by the appropriate Heads of unit. Confidential data held for statistical purposes may not be used for other purposes, except where expressly permitted by legislation or where the prior permission of the data providers has been obtained.
- Statistical Units do not publish or otherwise release, statistics unless they are satisfied that there is virtually no risk to confidentiality. Outputs are scrutinised with the aim of ensuring that the risk of identification, even indirectly, of individuals is effectively eliminated.
- Internal access to identifiable individual data is only available on a need to know basis.
- The NSO does not provide access to confidential data in its possession to persons outside the office.
- Consultants and contractors employed by the NSO are subject to the same confidentiality constraints and disciplines as NSO staff members. They are required to undertake a confidentiality oath or sign a confidentiality declaration appropriate to the work on which they are employed
- Some statistical projects require the collection and storage of names and addresses. Records that include names and addresses or other information that may identify an individual are subject to controls to prevent unauthorised linkage with other data. The preferred control mechanism is to maintain the plain text information in separate files. Authorised access to such files is restricted to those with a specific requirement for the plain information.
- The NSO informs those who directly provide it with personal and commercial data of the intended use of the data. Where data is received from other organisations, any confidentiality undertakings given at the time of collection are respected.
- Confidentiality is also extended to data that would have been initially collected for administrative purposes and to which the NSO is granted access.
Where appropriate, NSO staff members receive appropriate training in IT security matters, and standards and guidelines are available to help ensure that IT security is maintained. Statistical Units do not release details of IT systems and security measures that might compromise the confidentiality or security of the data they hold.