ADR UK operates according to the ‘Five Safes’ developed by the Office for National Statistics (ONS). The Five Safes refer to a set of established safeguards and measures to ensure data is kept safe and secure:
-
Safe Data: Data held within ADR UK's trusted research environments is de-identified, meaning identifiable details such as names, addresses and identification numbers are removed before data is made available for any analysis.
-
Safe Person: Any researcher accessing ADR UK data is assessed for their skills and suitability before being granted access to the data needed for their project.
-
Safe Place: ADR UK data must be accessed in a safe and secure room within one of our trusted research environments, or otherwise via an assured connection at an accredited institution or SafePod.
-
Safe Project: The research project itself is scrutinised and must be in the public interest.
-
Safe Output: The researcher’s actions whilst accessing the data are monitored using keystroke technology and all outputs are checked thoroughly, with any potentially re-identifiable outliers removed.
Data about individuals
Administrative data is largely information about how people interact with public services or government departments. Researchers only ever have access to data which has had anything which can directly identify an individual (like names, dates of birth, full addresses) removed.
There are rigorous safeguards in place to protect it from re-identification, including strict separation of functions of those involved in the process. What is left is a set of information about unidentified individuals and their interactions with public services, allowing for relationships between these to be analysed.
This deidentified information is very useful for research, without giving away information about identified members of the public.
How is our data affected by GDPR?
Administrative data is linked and processed for research in compliance with GDPR (General Data Protection Regulations) via the ‘public task’ lawful basis.
This regulation says that processing data is lawful where it “is necessary for the performance of a task carried out in the public interest” where it is set out in law..
Who can access data for research?
Data cannot be accessed by anyone who is not authorised or for any reason other than research that passes the public benefit test. Researchers seeking to use the data go through rigorous approval processes set by the organisations responsible for the data. These include:
- checking the researcher is from a suitable research institution
- that the researcher has completed appropriate security training
- undertaking an ethics assessment of the proposed research to ensure it delivers benefit to the public and that the data access requested matches the research questions being asked.
