Information security and data protection

General data protection regulation  ensures equal legal data protection framework in the European Union. Its implementation does not change CSB activities regarding data processing, as CSB continues following both requirements on statistical confidentiality and personal data protection, as well as developing its information security management system according to international standard ISO 27001.

Information security guidelines

Further we give answers to questions important to CSB respondent related to his/her data protection.

What personal data is?

Personal data is any information on identified or identifiable person, for example, name, last name, home address, e-mail address, place of work, image of a person, information on income, information on marital status.

 

For what purpose CSB uses personal data?

The CSB carries out personal data processing for statistical purposes, implementing Official statistics programme.

Statistical purposes is collection and processing activity of any personal data needed for statistical surveys or elaboration of statistical results. Such statistical results can be used further for such purposes as policy planning and scientific research.

Processing result carried out for statistical purposes is data compiled. The CSB does not use data for administrative, surveillance and rights protection purposes. 

 

How CSB contacts respondent?

To ensure implementation of its functions, the CSB uses respondent's contact information (phone number, e-mail address) to contact the respondent regarding data collection. The CSB is not allowed to use respondent's contact information for marketing or other purposes not related to statistics.

 

What does CSB do with personal data?

The CSB collects personal data from other central and local government institutions, for example, from State Revenue Service, from enterprises, as well as from population. After these data are received, all direct personal identifiers are removed and data are stored in pseudonymisation form

The CSB publishes only statistical information without identifiable or traceable personal data. Moreover, the CSB carries out appropriate measures to protect personal data against theft, damage or illegal processing. In compliance with strict conditions, the CSB allows use of anonymized data for carrying out statistical researches.

The CSB never passes identifiable data to third parties, of which, to other state institutions.

 

What data protection measures the CSB carries out?

The CSB protects respondent data with appropriate technical and organizational measures, of which main are:

  • Respondent data are stored in a secure environment. Only authorized CSB employees can access these data.
  • After finishing initial data processing processes, identifiers are removed from the data. It means that individual data will never be included in survey files, for example, names, addresses or personal codes.
  • All CSB employees have signed for observance of confidentiality.
  • The CSB uses data only for statistical and scientific purposes. According tStatistics law the CSB is forbidden to use data for administrative, surveillance and judicial protection purposes. Moreover, the CSB is not allowed to use data for marketing purposes.
  • There is Data protection specialist in the CSB. This employee monitors how CSB processes personal data and maintains Personal data processing register.

 

What is data processing?

"Processing” is any personal data or set of personal data related activity or set of activities carried out with or without automated tools, for example, collection, registration, organization, structuring, storage, customization or modification, recovery, viewing, use, disclosure by sending, disseminating or making them available otherwise, coordination or combination, limitation, deletion or destruction.

To ensure honest and transparent processing regarding data subject, the CSB follows these personal data processing principles:

  • legality, integrity and transparency;
  • data minimisation;
  • accuracy;
  • integrity and confidentiality;
  • accountability.

More information on the subject can be found in Data State Inspectorate homepage.

 

How CSB will follow data protection in estimation of the number of population?

Number of population is one of main basic indicators of the country. Every year the CSB estimates the number of population using personal data available in state registers. More than 200 indicators are used for each person to estimate with logical regression method whether the person lives in Latvia, or abroad. The personal data obtained CSB uses not only for calculations, but also for update, comparability and quality control. Such procession is carried out in the public interest and it is provided for in Statistics law, which in addition foresees measures for sensitive data protection purposes.

 

What regulates CSB activities in data protection area?

The CSB follows confidentiality requirements set in the Statistics law, as well as in the regulation No 223/2009 "On European statistics” and European Statistics Code of Practice .

Starting with May 25, 2018, General Data Protection Regulation No 679/2016 is binding in the CSB, which determines personal data processing purposes, processes and use of technologies and is binding to all organizations, which process data of the EU citizens.

 

Who monitors data protection in Latvia?

Data State Inspectorate monitors how legal acts are followed in personal data protection area.

 

CSB contact information on data protection

To learn more on data protection measures taken by the CSB, please contact our data protection specialist, sending e-mail to datuaizsardziba@csb.gov.lv

Share this page: