Privacy in Scotland’s Census 2021

In this section you can find out more about how we protect the confidentiality of census data and ensure transparency and confidence in all that we do.

NRS has published the first version of the Scotland’s Census 2021 Privacy Impact Assessment . More details can be found in the relevant section below

Scroll down or select a category to find out more:


In all of our work, we fully recognise the importance of privacy and confidentiality.

All work undertaken as part of Scotland’s Census 2021 will be governed by various statutory requirements including the Census Act 1920, the Data Protection Act 1998, and the Code of Practice for Official Statistics. Our work depends upon the participation of individuals and as a result the maintenance and preservation of their privacy underpins everything that we do. Individuals responding to the census need to know that their information will be safe and secure, who will have access to it and how it will be used. We adhere to guidelines laid down by the Information Commissioner’s Office and will work with them as we progress towards 2021.

Relevant Legislation

Access to census data that can identify households or individuals is strictly controlled. The Census Act 1920 made it a criminal offence to unlawfully disclose confidential census data. The Census (Confidentiality) Act 1991 extended this to people and businesses working as part of the census. Anyone who unlawfully discloses census data can be fined up to £10,000 or sent to prison for up to two years, or both.

It is important to note that no one can get personal census data through a Freedom of Information request. This is set out in sections 38 and 58 of the Freedom of Information (Scotland) Act 2002, which states that personal census data is exempt from disclosure for 100 years.

The Data Protection Act 1998 controls how organisations can use personal data they hold. Its principles require everyone who collects data to follow strict rules to keep that data safe. At the heart of the Act are eight rules known as the ‘data protection principles’. These principles require any organisation that collects personal data to handle it safely. You can get more information about this from the Information Commissioner’s Office.

Privacy Impact Assessment

Privacy Impact Assessments (PIAs) are a process which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. The Information Commissioner’s Office maintains a PIA code of practice to promote good practice. There is no legal requirement to conduct a PIA but it is Scottish Government policy that one is conducted for all projects that involve personal data. Doing so helps ensure any new initiative is compliant with the relevant legislation.

A PIA seeks to identify the privacy considerations of a policy, project or programme of work in collaboration with those stakeholders who have an interest in it. It should be considered a process which is documented and regularly reviewed and updated as discussions take place and plans develop over time. This approach is essential in order to respond effectively to changing conditions and attitudes, the development of work plans, methods or approaches and technological advances and also any legislative, data security or handling requirements.

The first version of the Scotland’s Census 2021 Privacy Impact Assessment , published in January 2017, reflects that the programme is at an early stage of design and planning and many specific processes, procedures and operational aspects are not yet fully defined. We have begun to explore the various issues and would very much welcome comments and feedback from stakeholders who may help us to identify any privacy concerns, so please do not hesitate to get in touch if you have an interest in this work. You can find our contact details in the Get Involved section.

Protecting your data

We understand that people need to be confident their personal data will be held securely, so we protect it with strict security measures. Access to personal census data is tightly controlled and we keep the number of people who see it to a minimum. All NRS staff who will have access to personal census data are subject to rigorous security clearance checks.

We have our own security team, which applies UK government security standards to all areas of the census operation. We regularly review our security measures and update them when necessary.

For information about how we protected the data provided to us in Scotland’s Census 2011, see Protecting your data in the Scotland’s Census 2011 section of the website.

Get in touch

If you want to get in touch with us about any privacy or confidentiality issues, you will find our contact details from the Get Involved section.