GSS Logo

High quality statistics, analysis and advice to help Britain make better decisions.
 

How to avoid common breaches

The most common breaches of the Code of Practice for Official Statistics are pre-release data being sent out early, pre-release data forwarded to somebody that does not have permission to see it or statistics not being published at the required time of 9.30am. For each of these common breaches, considerations and suggested corrective actions are set out below.


Pre-release data sent to people who should not have access to it.

Considerations:

  • How many people have received the statistics in error and who?
  • Are the statistics high profile or market sensitive?
  • How long have the recipients had access to the data before the error was discovered?
  • Have the recipients shared or discussed the data with others?
  • Can the offending email or statistics be recalled or deleted?
  • Was the correct security marking applied to the pre-release access email? Should stronger words be used in the text that is sent out with pre-release access?

Corrective actions:

  1. Recall the data.
  2. If the statistics have been forwarded by somebody that was eligible to receive pre-release access, consider removing their pre-release access.
  3. Remind staff about correct pre-release protocol.
  4. Strengthen the wording of all text accompanying pre-release material.
  5. Consider further training to educate staff on their obligations under the Code of Practice.
  6. Increased management control of the processes.

Pre-release data sent out too early.

Considerations:

  • How many people received the data early?
  • Was the person that sent the data out working for the organisation that produced the statistics, or was it someone from another organisation?

If there are only a small number of trustworthy recipients, consider recalling the statistics or asking recipients to delete the email.

If a large number of recipients are involved, consider whether publication can be brought forward to give the maximum allowed 24 hour pre release access. Change the publication date on your organisation’s website and the Release Calendar on GOV.UK as soon as possible

Corrective actions:

  1. Recall the statistics.
  2. Bringing forward the release date of the publication.
  3. Remind staff of the requirements of the Code and correct process for sending out pre-release information.
  4. Review the processes involved in sending out pre release information, and make any changes that are needed.

Statistics released before their scheduled publication date.

Considerations:

  • How sensitive are the statistics and how long is it before the scheduled publication date?
  • How many people are likely to have accessed the statistics?
  • Has pre-release access to the statistics been restricted? Should you ask people with pre-release access not to disclose or discuss the statistics until further notice?

Corrective actions:

  1. Withdraw the data as soon as possible.
  2. Bring forward the time of the general release.
  3. Issue a statement on your organisation’s website alerting users to the problem.

Statistics released after 9:30am on the day of publication.

Considerations:

  • How sensitive are the statistics and how long is the delay likely to be?
  • Has pre-release access to the statistics been restricted? Should you ask people with pre-release access not to disclose or discuss the statistics until further notice?
  • Can social media channels be used to acknowledge or apologise for the delay?

Corrective actions:

  1. Consider emailing key users a copy of the release.
  2. Issue a statement on your organisation’s website alerting users to the problem
  3. Consider whether there is another way to publish the release.