How does ADR UK ensure data is used ethically and responsibly?
Data shared with researchers via ADR UK is de-identified, with rigorous safeguards in place to protect it from re-identification. The data can only be accessed through trusted research environments (TREs). These are highly secure computing environments where researchers and their projects are required to be accredited before access is granted. When accessible to researchers, data does not include any personal identifiers, with any elements that could be traced directly back to individuals – such as names, contact details or any identifying numbers – having been removed first. What is left is a set of attributes of individuals along with recorded interactions with public services, allowing for relationships between these to be analysed. Very useful for identifying trends across society, but not much use for anything else.
What safeguards does ADR UK have in place?
As well as only allowing researchers to access data after identifiers have been stripped out, ADR UK partners have rigorous safeguards in place to ensure data cannot be accessed by any unauthorised persons, or for any reason other than research that passes the public benefit test.
Researchers wishing to use the data go through a rigorous accreditation process, which includes an assessment of the ethics of the proposed research, to ensure its delivers benefit to the public and that the data access requested matches the research questions being asked.
Once researchers have received accreditation and approval, they must then access the data via a secure physical facility – or a secure connection to that facility – provided by one of the ADR UK partners. Researcher activity and outputs within these facilities are closely monitored, and outputs checked before being released, to ensure the data has not been misused in any way.
ADR UK works in line with the recommendations of the National Statisticians Data Ethics Advisory Committee (NSDEC). The NSDEC was established by the UK Statistics Authority to ensure that the access, use and sharing of public data, for research and statistical purposes, is ethical and for the public good.
Each of ADR UK’s national partnerships has a dedicated data processing partner responsible for safeguarding data and controlling researcher access to it. These include the Office for National Statistics (ONS) in England, the SAIL Databank as part of ADR Wales and the Northern Ireland Statistics and Research Agency (NISRA) for ADR Northern Ireland. In Scotland, this happens through a collaboration of partners including National Records for Scotland, the eData Research and Innovation Service (eDRIS), and the Scottish network of safe havens.
The 'Five Safes'
ADR UK operates according to the ‘Five Safes’ developed by the Office for National Statistics (ONS). The Five Safes refer to a set of established safeguards and measures to ensure data is kept safe and secure:
Safe Data: Data held within ADR UK's trusted research environments is de-identified, meaning identifiable details such as names, addresses and identification numbers are removed before data is made available for any analysis.
Safe Person: Any researcher accessing ADR UK data is assessed for their skills and suitability before being granted access to the data needed for their project.
Safe Project: The research project itself is scrutinised and must be in the public interest.
Safe Output: The researcher’s actions whilst accessing the data are monitored using keystroke technology and all outputs are checked thoroughly, with any potentially re-identifiable outliers removed.