Secure Lab at the UK Data Service

V1.0 May 2016

UK Data Service• Funded by the ESRC to support researchers who

depend on high-quality social and economic data

• Single point of access to a wide range of data including large-scale government surveys, international macrodata, qualitative studies and business microdata

• Around 7000 datasets

• Today we will focus on UKDS Secure Lab

What is Secure Lab?• Holds around sixty datasets – detailed microdata

• Data deemed more sensitive by data owners

• Same security model as VML (at ONS), HMRC Datalab and ADRN

• Accessed remotely from researchers’ institution*

• Nothing goes in or out of the Secure Lab environment without being checked by the Support Team first

* Subject to project approval, training etc.

Principles of the security modelSAFE PROJECTS

SAFE PEOPLE

SAFE DATA

SAFE SETTING

SAFE OUTPUTS

SAFE USE

What is the Data Protection Act 1998?

• The DPA 1998 provides a framework to ensure that personal information is handled properly

• Guidelines for what you should avoid when dealing with personal data

• But, it also allows you to use personal data

What is ‘personal’ data?• Data which:

• Relate to a living individual

• Make it possible for an individual to be identified from those data, or from those data and other information

• Include any expression of opinion about the individual

Data Protection Act, 1998 says…• Should only disclose personal data if consent given to do so, and if

legally required to do

• When handling personal data, it should be:

• Kept securely

• Processed in accordance with the rights of data subjects – e.g.:

• Right to be informed how data will be used, stored, processed, transferred, destroyed etc.

• Right to access info and data held

• Processed fairly and lawfully

• Obtained and processed for a specified purpose

• Adequate, relevant and not excessive for purpose

• Accurate

• Not transferred abroad without adequate protection

What is ‘sensitive personal’ data?• In the DPA, sensitive personal data is data

consisting of information relating to the data subject about defined set of categories including:

• Race• Ethnicity• Politics• Trade Union membership• Physical and mental health• Sexual life• Offences, sentences or disposals

Research exemption• Section 33 of the DPA provides limited exemptions to

some of the data protection principles where personal data are to be processed for “research purposes”.

• To qualify for the ‘research exemption’, the researcher must confirm that the personal data will not be processed:• In order to support measures or decisions with

respect to particular individuals• In a way that substantial damage or substantial

distress is, or is likely to be, caused to any data subject

Statistical disclosure control (SDC)• Carry out SDC checks on outputs to ensure they

aren’t disclosive

• Manual process carried out by two staff members

• Two approaches to SDC:

• Rules based• Principles based

• We take a principles based approach

Rules of thumb• We do have two ‘rules of thumb’

1. Threshold rule: No cells should contain less than 10 observations

2. Dominance rule: No observation should dominate the data to a huge extent

Why a threshold rule?• Threshold includes a margin of error, enabling us

to assess and clear most outputs quickly and efficiently

• 10 is rarely problematic for users but is high enough to make identification of individuals difficult

• Also about perception: • e.g. an output could for example be published

openly on a website.• small numbers can look unsafe (even if they’re

not). • Public perception of tables of small counts

could be damaging whatever the actual risk.

Threshold rule: basic• Manufacturing firms with turnover over £10m

by region.

• The RDC has a threshold rule of N=10• Is this data potentially disclosive?

RegionNumber of

firms

England 152Wales 28Scotland 53N. Ireland 3

Threshold rule & cell suppression

Tenure Gender Age group Total

Male Female <20 21 - 50 51 - 75 76 - 95

Private rent

440 451 138 472 171 110 891

Social housing

182 346 117 209 104 98 528

Owns outright

198 104 - 54 73 173 302

Owns with mortgage

280 179 - 224 225 - 459

Housing tenure in Bundesrough

Dominance rule• Either

• The sum of all but the largest two units must exceed at least 12.5% of the value of the largest unit.

• The largest unit has less than 43.75% of the total.

Rules, procedures etc.The rules and procedures we have in place are there to:

• Keep researchers operating within the law

• Comply with the requirements of data owners

• Protect data subjects

• Ensure the continued operation of Secure Lab

Questions