Building and Developing Secure Settings
Every organisation that has joined our Group will be at a different stage of evolution with respect to how it’s secure setting is established. Organisations with established secure settings are represented at here; as well as organisations that are developing and building these facilities from scratch.
We provide a forum that enables staff working in these facilities to share experiences and best practice about how to set-up, manage, and evolve these settings. Topics discussed include:
- the use of secure technology,
- information security standards,
- auditing and assurance practices,
- risk-management profiles, etc.
- confidential sources of data for analysis/research purposes
- managing analysts and researchers
- statistical disclosure control
- amongst others!
New Group members have found the group to be an invaluable resource for finding out about how existing facilities have been established, which security standards are applied and the future steps they may consider taking to evolve their secure setting.
Understanding the Data Landscape
Legislation and Regulations
Providing access to confidential data necessary requires staff to be aware of the legislation and regulatory environment pertinent to such data. The data landscape is a constantly evolving environment, with recent notable legislation introduced that includes the Statistics and Registration Services Act, the Digital Economy Act and the recently implemented General Data Protection Regulation. In addition, specific data sources are governed by other legislation, such as the Health and Social Care Act.
Understanding how such legislation affect access to confidential data is crucial for staff to ensure they are managing their settings appropriately. We provide a useful forum for exchanging news and developments about the formation of legislation and similar regulation, to gauge the effects on their own settings.
The data landscape has changed considerably in recent years: new technology has enabled the rise of ‘Big Data’ to accumulate and be analysed. Developments in secure technology enable confidential data to be accessed more flexible.
It is important that we all keep abreast of these developments, to ensure that the secure settings they manage remain usable and relevant for the future. We constantly monitor and provide information about these developments; and crucially, how new technology can be implemented to provide secure access to confidential data.
New sources of confidential data
We use meetings to update each other about new and innovative sources of data that are made available for analysis. This is particularly relevant given the demand from analysts to access combined sources of data.
Often, we find ourselves working alone within large organisations to provide secure access to confidential data. The Group provides opportunities for staff to develop themselves by acquiring skills from other, experienced secure data access professionals.
These skills range from managing analysts, managing data in their settings, undertaking statistical disclosure control of statistical outputs, producing metadata, to name but a few.
Recently, we have worked collaboratively to produce a Competency Framework for staff working in secure settings. This enables them to advance their careers by acquiring new, and developing existing, skills; in addition, it enables secure settings to be managed efficiently to meet the needs of the many stakeholders that such facilities serve.
Statistical Disclosure Control
Statistical Disclosure Control (SDC) is the practice of ensuring that data remain confidential. In the context of a secure setting, this normally refers to checking statistical outputs produced from confidential sources of data to ensure that no entity from the data can be revealed by examining the statistics produced from the data; nor that any confidential information is released.
SDC is therefore a critical function of any secure setting. Group members have practice of SDC, and apply SDC to statistical outputs produced in their secure settings on a regular basis. We therefore provide a unique forum for exchanging expertise and practice on how to apply SDC to statistical non-data outputs.
We’re developing an SDC Handbook that can be used by anybody employed to undertake SDC of statistical outputs. This will draw on the experience of all members of SDAP, and is due to be published in August 2018.
Uses of Confidential Data
Finally, it is important that staff working in a secure setting appreciate how confidential data can be used; often because it will aid their understanding about why their roles are so important, and so that they can provide support to users of their settings.
The Group take advantage of the regular meetings to highlight innovative uses of confidential data in their own setting; this increases the knowledge of how such data are used by all other members of the Group who attend.
James Scott and Christine Woods (UK Data Service) have written a blog about the work of the group: read it here.