Presentation on theme: "Accessing and managing data in a secure environment: the Secure Data Service Matthew Woollard Head of Digital Preservation and Systems, UKDA The significance."— Presentation transcript:
Accessing and managing data in a secure environment: the Secure Data Service Matthew Woollard Head of Digital Preservation and Systems, UKDA The significance of data management for social survey research Workshop, Essex 27 January 2009
UKDA Access Modes Differing access modes for different data End User Licence Special conditions Special Licence / Approved Researcher Secure Data Service (forthcoming)
End User Licence Anonymised data, reduced detail (high level geographies, banded ages, outliers (e.g., very large households) removed, etc) Users register and give details of usage Sign standard end user licence; promise not to share with unregistered users; not to try to identify individuals; to cite properly; to return publication references Data acquired through direct download of zipped data and documentation Tens of thousands of downloads per year
Special Conditions Depositor Driven Condition As EUL in terms of data detail and methods of access, but users agree additional special conditions for usage at the time of ordering. Conditions vary and may include needing to have explicit depositor permission to access the data, requirement to destroy data after usage, requirement for a special form of citation, etc. Often invoked for data considered somehow more sensitive
Special Licence / Approved Researcher Primarily result of new Statistics Act Enables access to more highly detailed data (unbanded age, lower levels of geography, more detailed SOC codes) More vigorous vetting procedure by both UKDA and ONS with special forms, special licence which specifies things like the conditions under which the data should be housed and handled Receive Guide to Good Data Housekeeping along with data download from a restricted download area Hundreds rather than tens of thousands uses p.a.
Secure Data Service Two-year pilot began 1 October 2008 ESRC-funded and ONS-approved Remote access to sensitive and disclosive data held centrally All computation on secure server in secure (UKDA) premises; no data on local machines Outputs vetted for disclosure issues before release Expecting dozens of users in first instance NOT hundreds.
Security Plan Safe Data Safe People Safe Places Safe Outputs
Safe Data Levels of protective marking TOP SECRET SECRET CONFIDENTIAL RESTRICTED PROTECT Source: HMG Security Policy Framework
Restricted classification If accidentally or deliberately compromised will (amongst other things…): cause substantial distress to individuals; cause financial loss or loss of earning potential or to facilitate improper gain or advantage for individuals or companies; breach proper undertakings to maintain the confidence of information provided by third parties; to breach statutory restrictions on disclosure of information; affect diplomatic relations adversely. Source: HMG Security Policy Framework
Safe People Registration with UKDA Institutional Agreement (not yet confirmed) Approved Researcher process [ONS] Authorised Researcher process [non-ONS] Training Agreements SDS Agreement Breaches Policy. Hefty individual and institutional penalties Authentification to SDS via Athens or Shibboleth
Safe Places Central server security systems (hardware, software, networks, etc.) premises CITRIX security for remote connection – virtual safe place Possible safe remote access facility – currently in discussion as to whether/when necessary Audit trails key strokes logged activity monitored
Citrix System Architecture
Safe Outputs Training is key Use of the system Responsibilities in law Good data housekeeping Statistical disclosure control identifying disclosure consequences of disclosure Freedom to play on the central server; data vetting only at point of removal from system Pilot use of automated disclosure assessment tools
Safe Service Security Policy Asset management HR Security Physical and Environmental Security Communications and operations management Access control procedures Compliance with standards (BS/ISO 27001) Risk Assessment
Safe Use usable and familiar software desktop access (though not on your desktop) training / disclosure control safe systems for accidental/malicious access encrypted communications Safe people in safe places with level of auditing leads to less disclosure risk.
Safe inputs! Safe place for sensitive data merging Users can upload own and other UKDA data Syntax files Script Program files BUT All user files entering system will be vetted: Security/Virus checking etc. Potential likelihood of disclosure risk
Collaboratories Project specific filespaces with shared documents, analyses, code library?, etc. Piloting Wiki-type community collaboration and support All levels of data (EUL to Secure) available
Second phase test data British Household Panel Survey Scottish Longitudinal Survey National Child Development Study British Cohort Study (1970) Millennium Cohort Study
Sources Big Brother image from: blog.wired.com/business/2008/04/index.html blog.wired.com/business/2008/04/index.html (no copyright notice) Stolen laptop image from: (Do not copy because my lawyer is bigger than your lawyer)