What would you like to look for?

Site search
Search
What is administrative data?
  1. Home
  2. News, publications & events

How ADR UK trusted research environments (TREs) keep data secure

Category: Blogs

15 May 2026 Written by Dr Emma Gordon

Ensuring data is used securely and ethically – and maintaining public trust – is at the heart of ADR UK’s work with administrative data. In this blog, ADR UK Director Emma Gordon explains how we do this, and why it’s so crucial.  

Administrative data is created as a byproduct of public sector organisations running systems and services on behalf of the population they serve (for example, health, education, tax, benefits, or the criminal justice system). At ADR UK, we work with our partners to ensure research using this data is informing policy decisions across all four UK nations, to help society work better for everyone.  

By its nature, administrative data is very sensitive, so we only make it available to researchers under very controlled conditions. This is so we ensure our data owners and researchers comply with all relevant laws, and so that we can build trustworthiness and understanding with the public about how this data is used.  

What is a trusted research environment (TRE)? 

ADR UK provides access to administrative data for public good research through our network of four trusted research environments (also known as TREs), one in each UK nation.

A TRE is a secure data service that allows researchers to safely access and analyse sensitive datasets. This sort of data can come from a range of sources, such as surveys, information created by private organisations (often called “smart” data), as well as public sector organisations running services that create administrative data. In some cases, data from these different sources are linked, to enhance their use by helping researchers spot new connections and insights.

The Digital Economy Act (DEA), 2017 

A piece of legislation, called the Digital Economy Act, or DEA, introduced a formal accreditation process for TREs, to safely allow access to administrative data for public good research. To gain accreditation, all the controls that a TRE has in place to maintain data security are independently assessed by the UK Statistics Authority (UKSA), with accreditation being given by the independent Research Accreditation Panel (RAP). Under the DEA, an accreditation is valid for up to five years and is subject to accreditation reviews where security is checked annually. All four ADR UK TREs are DEA accredited, as well as several more across the UK.   

The Five Safes Framework and DEA accreditation

DEA accreditation of TREs is based on the internationally recognised Five Safes Framework, which provides a structured approach to protecting sensitive data. TREs need to evidence how their working practices are compliant with this framework, both to gain and maintain their accreditation.  

Here’s how this framework is used to underpin the DEA accreditation of TREs: 

  1. Safe Projects – Research proposals must be lawful, ethical and have a clear public benefit. Proposals are assessed and accredited by the RAP, with support from the National Statistician’s Data Ethics Advisory Committee (NSDEC), and a list of all accredited projects is maintained by the UKSA.

  2. Safe People – Researchers must also be accredited. This includes passing a training course in how to access the data responsibly and in compliance with the DEA. A list of accredited researchers can be found on the UKSA website and is updated monthly. 

  3. Safe Data – Before any data is made accessible to a researcher, the TRE must ensure it is not reasonably likely that the data subjects (either people or corporate bodies) can be re-identified, including when different types of data are linked together. This means all identifying information is stripped out (for example, names, addresses, NHS and National Insurance numbers), and further checks completed to ensure rare combinations of data, such as high earning individuals within a specific area, are not accessible to the researcher.  

  4. Safe Settings – Data can only be accessed by a researcher from a DEA-accredited TRE. It cannot be downloaded onto a researcher’s own systems, and there are strict controls in place to prevent this. As such, the TRE acts like a reading library, not a lending library. For the most sensitive data, a data owner can also require a researcher to only access the TRE from a secure room (for example, a SafePod). A list of all accredited TREs is maintained by the UKSA. 

  5. Safe Outputs – There are a set of controls in place within DEA-accredited TREs that ensure it is not possible for a researcher to remove data from the TRE. The only things that can be taken out are outputs that a researcher creates from their analysis (for example, the results from a statistical test, graphs or charts). For these to be released, they are first are independently checked by two TRE staff members to ensure they do not risk disclosing sensitive information. Only if the outputs pass these checks can they be taken out of the TRE by the researcher.  

By addressing the security of the data from multiple angles, the DEA uses the Five Safes Framework to create a robust and layered defence against the misuse or accidental disclosure of administrative data. Additionally, audit trails maintained by the DEA-accredited TREs provide a transparent record of who accessed what data and when. This is important to ensure staff members can respond quickly if issues arise. 

It goes without saying that a DEA-accredited TRE might also be providing researchers with access to other forms of data, such as survey and smart data. If the controls that are in place for administrative data access are not in place for these other forms of data, then DEA accreditation alone will not mitigate the risks related to data security. 

It goes without saying that a DEA-accredited TRE might also be providing researchers with access to other forms of data, such as survey and smart data. Similarly, it might be providing access to data through other legal gateways. If the controls that are in place for administrative data access through the DEA are not in place for these other forms of data, or other legal gateways, then DEA accreditation alone will not mitigate the risks related to data security and other mitigations should be in place.

Maintaining public trust 

One of the key goals of the DEA accreditation process is to ensure we maintain our trustworthiness with the public in how sensitive public sector data is used for research. This is a principle that underpins all the work of ADR UK, as we know people feel more support for administrative data being used for research when they are sure it is protected by strong safeguards and used only for public good. 

In addition to the public registers that are maintained to show which TREs, researchers and projects are accredited to access data using the DEA, ADR UK publishes Data Insights to illustrate the findings from research projects we fund. We also run an active public engagement programme, to ensure many voices contribute to our work to make it better. Take a look at our public engagement opportunities for further information.  

Keep up to date with all our work

Remember, you can subscribe to our monthly ADR UK newsletter to stay up to date with future work, and listen to our Connecting Society podcast, where we invite you to explore the fascinating world of data in more depth. 

Share this:

Cookie Extension Logo