Data Architecture principles
2. Data is secure
- Last reviewed
- 4 June 2026
- Owner
- Head of Architecture
All confidential, sensitive or personal data will be protected from unauthorised access or use.
Why data is secure
DfE has a legal and moral obligation to keep personal, confidential or sensitive data secure, and we must ensure that uses and users of the data conform with this obligation.
In the case of personal data in particular, we may use it only for the purposes that legislation permits.
Pre-release access to statistical data must also be tightly controlled, as there are strong legal limits on what may be shared before publication. Commercially sensitive data, if shared inappropriately, may weaken the department's ability to manage its contracts effectively. DfE also holds a large amount of children's data, which it must safeguard.
How data is secure
We adhere to DfE's Data Classification standard, to ensure we correctly classify data stores according to the sensitivity of the data they contain. This will include reference to cross-government standards on data classification, but DfE-specific sensitivity labelling should be used where needed.
DfE's Information Asset Register (DfE SharePoint users only) must be used as the central, authoritative record of these classifications. It must also record the legal basis on which we are allowed to process the data we hold and the restrictions that apply to any onward sharing or other use of the data.
Our Data Classification standard articulates clear standards in terms of the ways data at different classification levels should be protected. We must ensure those standards are adhered to by all our services, both at design time and during service operation. Our Data Handling standard requires clear decisions about who can access different classification levels.
Security must be applied at the data level, not just the application level, and must apply equally to every copy of the data, including extracts, database logs and backups, which must be protected to the same standard as the primary store.
Security must be designed into data elements from the start of service development. Systems, data and technologies must be protected from unauthorised access and manipulation, and this protection should be tested before any release involving data assets.
A strong system of monitoring must be in place to ensure we are alerted to unauthorised access or use of DfE’s data, whether that resides in individual applications or common data stores.
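As an added illustration of data-level monitoring (this is example code, not DfE's own tooling), the block below runs three checks over constructed audit-log lines from a data store: access to an OFFICIAL-SENSITIVE store by a principal that the handling decisions do not entitle, bulk reads of a sensitive store, and access to a store that has no entry in the classification register. The log format, the classification table, the entitlement list and the bulk threshold are all assumptions made for the example.

```python
"""Detect unauthorised or anomalous access in data-store audit logs.

Added example, not DfE code. The log line format, the classification
and entitlement tables and the bulk-read threshold are assumptions.
"""
import re

# Store classification, as it would be taken from the asset register (constructed).
CLASSIFICATION = {
    "pupils.records": "OFFICIAL-SENSITIVE",
    "schools.directory": "OFFICIAL",
}
# Principals entitled to read each OFFICIAL-SENSITIVE store (constructed).
ENTITLED = {"pupils.records": {"svc_reporting", "a.analyst"}}
# Reads at or above this many rows from a sensitive store are flagged (assumed threshold).
BULK_ROWS = 10_000

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"object=(?P<obj>\S+) rows=(?P<rows>\d+) src=(?P<src>\S+)$"
)

# Constructed sample audit log; not real data.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z user=a.analyst action=SELECT object=pupils.records rows=120 src=10.0.3.14
2024-05-01T09:14:51Z user=b.dev action=SELECT object=pupils.records rows=35 src=10.0.7.2
2024-05-01T09:15:10Z user=b.dev action=SELECT object=schools.directory rows=2000 src=10.0.7.2
2024-05-01T23:40:00Z user=svc_reporting action=SELECT object=pupils.records rows=250000 src=10.0.9.9
2024-05-01T23:41:00Z user=svc_backup action=COPY object=pupils.records rows=250000 src=10.0.9.1
2024-05-01T23:45:12Z user=b.dev action=SELECT object=scratch.export rows=5 src=10.0.7.2
malformed line that does not parse
"""


def parse(line):
    """Parse one audit line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["rows"] = int(event["rows"])
    return event


def detect(log_text):
    """Return a list of alerts, one per rule violation, with the offending line number."""
    alerts = []
    for n, line in enumerate(log_text.splitlines(), 1):
        event = parse(line)
        if event is None:
            if line.strip():
                # A line we cannot parse is a monitoring gap, so it is raised rather than dropped.
                alerts.append({"rule": "unparseable", "line": n})
            continue
        store = event["obj"]
        cls = CLASSIFICATION.get(store)
        if cls is None:
            # A store absent from the register has no handling decisions at all.
            alerts.append({"rule": "unregistered-store", "line": n, "user": event["user"], "object": store})
            continue
        if cls == "OFFICIAL-SENSITIVE":
            if event["user"] not in ENTITLED.get(store, set()):
                alerts.append({"rule": "unauthorised-access", "line": n, "user": event["user"], "object": store})
            if event["rows"] >= BULK_ROWS:
                alerts.append({"rule": "bulk-read", "line": n, "user": event["user"], "rows": event["rows"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the sample log this raises six alerts: the developer reading the pupil store, the two bulk reads (one of them also unauthorised, from a backup service principal that is not entitled, which is exactly the case the data-level rule on copies and backups is meant to catch), the read of an unregistered store, and the malformed line. The entitlement and classification tables are the link to the asset register: the detection is only as good as the register it is driven from.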
Data may be held in un-anonymised form within the production environment, but must be suitably anonymised (or, where authorised re-identification is still required, pseudonymised and treated as personal data) before it is presented to end users or copied to any environment with a lower security level, such as development or test.
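As an added example of preparing an extract for a lower-security environment (this is illustrative code, not DfE's own tooling), the block below drops direct identifiers, replaces the pupil identifier with a keyed hash so records stay linkable without revealing the original value, reduces date of birth and postcode to coarser values, and refuses to release the extract if any original identifying value survives. The record fields, the key and the generalisation rules are assumptions made for the example; a keyed hash is pseudonymisation, not anonymisation, and the key must stay inside the production environment.

```python
"""Pseudonymise a record set before it leaves the production environment.

Added example, not DfE code. Field names, the generalisation rules and the
key handling are assumptions; in practice the key is held only in production.
"""
import hashlib
import hmac
import re

# Constructed sample records; not real data.
SAMPLE_RECORDS = [
    {"pupil_id": "A123456789", "name": "Alex Example", "postcode": "SW1A 2AA",
     "dob": "2012-03-14", "school_urn": "100001", "attendance_pct": 94.2},
    {"pupil_id": "B987654321", "name": "Sam Sample", "postcode": "M1 1AE",
     "dob": "2011-11-02", "school_urn": "100001", "attendance_pct": 88.0},
]

DIRECT_IDENTIFIERS = {"name"}     # removed entirely from the extract
PSEUDONYMISED = {"pupil_id"}      # replaced by a keyed hash
GENERALISED = {"dob", "postcode"}  # replaced by a coarser value under a new field name


def pseudonymise_id(value: str, key: bytes) -> str:
    # HMAC rather than a plain hash: identifiers have a small, known format, so an
    # unkeyed hash could be reversed by enumerating the identifier space.
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def generalise_postcode(postcode: str) -> str:
    # Keep only the postcode area letters, e.g. "SW1A 2AA" -> "SW", "M1 1AE" -> "M".
    m = re.match(r"^([A-Z]{1,2})", postcode.strip().upper())
    return m.group(1) if m else ""


def generalise_dob(dob: str) -> str:
    # Year only; cohort-level granularity is enough for most analysis.
    return dob[:4]


def pseudonymise_record(record: dict, key: bytes) -> dict:
    out = {}
    for field, value in record.items():
        if field in DIRECT_IDENTIFIERS:
            continue
        if field in PSEUDONYMISED:
            out[field] = pseudonymise_id(str(value), key)
        elif field == "dob":
            out["birth_year"] = generalise_dob(value)
        elif field == "postcode":
            out["postcode_area"] = generalise_postcode(value)
        else:
            out[field] = value
    return out


def export_for_lower_environment(records: list, key: bytes) -> list:
    """Transform records and refuse the release if any original identifying value leaks through."""
    transformed = [pseudonymise_record(r, key) for r in records]
    sensitive_fields = DIRECT_IDENTIFIERS | PSEUDONYMISED | GENERALISED
    forbidden = {str(r[f]) for r in records for f in sensitive_fields if f in r}
    leaked = [v for rec in transformed for v in map(str, rec.values()) if v in forbidden]
    if leaked:
        # Catches identifiers copied into free-text or unexpected fields.
        raise ValueError(f"identifying values would leave production: {leaked}")
    return transformed


if __name__ == "__main__":
    for row in export_for_lower_environment(SAMPLE_RECORDS, b"production-only-key"):
        print(row)
```

The release check at the end is the part most often missing in practice: identifiers tend to reappear in notes or free-text columns that the field-by-field rules never looked at, so the extract is compared against the original identifying values before it is allowed out.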
This principle also relates to Data is obtainable – we must ensure the right balance between accessibility and security.