The privacy of data providers (households, enterprises, administrations and other respondents), the confidentiality of the information they provide and its use only for statistical purposes are absolutely guaranteed.
State civil servants and agents are subject to legislative and regulatory provisions on professional confidentiality and the obligation of discretion: these rules apply to all files and information of which they gain knowledge in the course of their work. Like all civil servants, public service statisticians are subject to these obligations. Specific rules for statistical collection are defined by Law N°51-711 of 7 June 1951 (PDF format, 40 kB): statistical confidentiality protects privacy and economic interests. The legislator has also provided particular legal texts on data of a personal nature in Law N° 78-17 of 6 January 1978 on data processing, data files and individual liberties.
Since September 2007, any civil servants taking up office in a statistical service for the first time sign a form in which they acknowledge that they have been informed that the law requires them to comply with statistical confidentiality. The form for non-civil servants (contract personnel, interviewers, temporary employees) is included in the employment contract signed between themselves and the statistical authority. Furthermore, in 2010 all the public statistical service agents hired prior to 2007 signed a nondisclosure undertaking.
The French Code pénal (Article 226-13) provides for a sentence of up to one year imprisonment and a fine of up to €15,000 for any breach of statistical confidentiality. Sanctions may be more severe in the event of a breach of the law of 1978 on data processing, data files and individual liberties.
A guide describing rules and good practice (PDF format, 196 kB) in statistical confidentiality is made available to producers responsible for protecting data.
The INSEE applies strict rules to data dissemination to make it impossible to identify any statistical units (individuals, households, businesses...). The data that is published from surveys or the population census does not allow direct or indirect identification of the respondents. For data relating to companies, no results are published if they concern less than three companies or establishments, or when a single company or a single establishment contributes over 85% to the said result.
At the INSEE, there is a unit in charge of IT processing security and there are sound physical and technical protection guidelines. The terms of application of these guidelines are examined annually in all establishments. This examination gives rise to a report enabling any corrective measures that might be deemed necessary to be taken.
An IT security rules and standards guidebook is written up for internal use ; this guidebook is updated regularly.
Within limits that are strictly defined by the law on legal obligations, coordination and confidentiality in the field of statistics and the law on data processing, data files and individual liberties, the particular requirements of specialists have resulted in the introduction of a process governing access to detailed or individual data.
The Commission nationale de l'informatique et des libertés (CNIL - National Commission for Data Processing and Individual Liberties) oversees the dissemination of data of a personal nature.
Law N°51-711 of 7 June 1951 on legal obligations, coordination and confidentiality in the field of statistics prohibits the transmission of individual data of an economic or financial nature for 25 years, and of individual information relating to facts or behaviour of a private nature for 75 years (or 25 years after the death of the person in question). After these periods of time, the data falls into the public domain.
Prior to expiry of these periods, it is the Statistical Confidentiality Committee (in french) that is responsible for enforcing strict compliance with the confidentiality of individual data. However, subject to approval issued by the Statistical Confidentiality Committee and a decision issued by the archives administration, access may be opened to individual data, in which cases contracts are then signed with the accredited researchers or bodies, and the legal obligations of statistical confidentiality then also apply to the researchers. Individual information relating to personal and family life may only be supplied for the purposes of official statistics or scientific or historical research.