Information on confidentiality for data providers
One of the main conditions for the activities of the Hungarian Central Statistical Office is to preserve the trust of the data providers. The most important safeguard for this is the strict protection of data provided for statistical purposes. To this end the HCSO ensures during the whole statistical business process that the data provided for the HCSO is solely used for statistical purposes and is not accessed by any unauthorized persons.
Statistical data collections
Mandatory data collections may only be ordered by rule of law, which also serves the purposes of confidentiality. With regard to natural persons, concerning their personal data, mandatory data collections may only be ordered by a legal Act (i.e.: Act Nr. CXXXIX. of 2009. on the population census 2011 – available in Hungarian only). In case of enterprises the mandatory data collections are issued in the form of a Government Decree (i.e.: Government Decree 288/2009. (15 December) on data collections and data transmissions of the National Statistical Data Collection Program).
Data protection during data collection
During data collection the HCSO applies strict physical and IT security measures with regard to the persons collecting the data as well as the ELEKTRA system (information currently available in Hungarian only) that enables electronic data collection.
In case personal identifiers of natural persons are collected, the HCSO deletes them after having checked the data for completeness or one year after the reference period of the data collection at the latest. The only exceptions from this rule are the longitudinal surveys of the HCSO, in case of which the identifiers are preserved and managed separately from the data file for the purposes of later sampling activities, however these are only linked with the data file according to strict rules, for the sole purpose of sampling and only for the time necessary to perform it.
Data protection during data processing
Data in data processing may only be accessed by authorized HCSO personnel. All members of the HCSO staff sign a confidentiality commitment and access to internal IT systems is strictly regulated and managed. The IT systems of the HCSO are protected against unauthorised internal or external access, therefore the data stored in these systems is kept completely safe.
Data protection in dissemination
All data is checked for statistical disclosure before dissemination, in order to reduce the risk of disclosure of the statistical units to a possible minimum. When fulfilling individual requests for access to data, various tools of methodological, physical and legal protection are being applied depending on the nature of the request. Additional information may be found on statistical disclosure control methods among the rules for access to statistical data.
The data management activities of the HCSO are regularly monitored by the Eurostat, the Statistical Office of the European Union, as well as the Hungarian National Authority for Data Protection and Freedom of Information.
While performing its tasks, the HCSO takes into account several rules of law. The most important are the Regulation (EC) No. 223/2009 of the European Parliament and of the Council on European Statistics, Act. Nr. CXII. of 2011 on Informational Self-determination and Freedom of Information, Act Nr. XLVI. of 1993. on Statistics and Government Decree 170/1993. (XII. 3) on its implementation.
All internal HCSO working processes are regulated in internal regulations. On the top of the regulations concerning data protection stands the Confidentiality Policy of the HCSO, which contains the most important principles regarding statistical confidentiality. The HCSO Regulation on Data Protection sets forth more detailed rules and as a framework regulation is complemented by several other internal regulations.
These other internal regulations cover the following domains:
- IT security
- Physical security (rules for entering the premises of the HCSO, fire protection)
- Rules for access to statistical data
- Regulation (EC) No. 223/2009 of the European Parliament and of the Council on European Statistics
- Commission Regulation (EU) No 557/2013 of 17 June 2013 implementing Regulation (EC) No 223/2009 of the European Parliament and of the Council on European Statistics as regards access to confidential data for scientific purposes and repealing Commission Regulation (EC) No 831/2002
- Act. Nr. CXII. of 2011 on Informational Self-determination and Freedom of Information
- Act Nr. XLVI. of 1993. on Statistics and Government Decree 170/1993. (XII. 3) on its implementation.
HCSO internal regulations
- HCSO Regulation on Data Protection
- HCSO Regulation on Data Access. For information please visit the Data Request page on the website of the HCSO.
The HCSO reacts in all cases where the rules of data protection are violated. In these cases several sanctions may be applied depending on the nature and seriousness of the violation.
Along this line, in case of any violation of data protection rules, sanctions of civil law or criminal sanctions as well as sanctions of labour law are available for the HCSO for use.
Sanction in civil law
These sanctions may be applied against persons in a contractual relationship with the HCSO, such as any person who requested data and violates the rules of data access set forth in the contract signed with the HCSO. In case of such violations, the HCSO has the right to terminate all existing contracts with the violating party with immediate effect and refuse access to anonymised microdata sets or access to data in safe environment for a period of 5 years.
Some conducts that violate confidentiality may have criminal consequences due to the danger they present to society. Paragraphs 177/A and 418, 423, 424 (link) of the Act Nr. C. of 2012 on the Criminal Code may be relevant also in cases of violation of statistical confidentiality and data security.