Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access to business data: Is the balance of risks right?

Published byPhilomena Cunningham Modified over 5 years ago

Similar presentations

Presentation on theme: "Access to business data: Is the balance of risks right?"— Presentation transcript:

1 Access to business data: Is the balance of risks right?
Felix Ritchie John Deutsch Institute: Access to Business Data

2 The contention Access to confidential NSI data is poor because
Incentives don’t encourage it Limited understanding of risk John Deutsch Institute: Access to Business Data May Felix Ritchie

3 Incentives Benefits of use Risks of use Risks of non-use
More information available to the public Risks of use Loss of confidentiality Risks of non-use Less information circulates Benefit to public Cost to NSI Cost to public Benefits of use also accrue to NSI – better info on stats, free consultancy etc. Important for internal politics but not for the wider aspect so ignore here Risks of use could also include bad policy making due ot poor understanding of data – ignore. Assumption is that more info is good and bad policy will be made with or without evidence Risks of non-use as missing evidence – higher chance of bad policy making (but not necessarily) John Deutsch Institute: Access to Business Data May Felix Ritchie

4 Problems with risk assessment
Worst-case scenarios Reliance upon theory, not experience Overstatements of impact Silo mentality Fear of the new Worst-case scenario example: IT specialist arguing that intruder would spend four years getting a stats degree as a way of getting access to my lab Theory not experience example: Discussion group thread about the need to model the real world “Yes! How can we mathematically model these real world scenarios?” - Second example: lots of examples of academics doing stupid things; no evidence of malicious conduct Impact example: little impact from release of business data, although could be significant from personal data Silo mentality: our lovely IT friend creating increasingly complex remote job system, ignoring the possibility of training researchers/output checking Fear of the new example: abandoning the VML in favour of the Longitudinal Study, a system which let support officers log on visiting researchers using the SO’s own user name and password, giving them access to , internet, interal ONS files etc John Deutsch Institute: Access to Business Data May Felix Ritchie

5 Risk assessment: way forward?
Focus on practical risks Focus on practical impacts Accept non-negligible risk Explicitly multi-dimensional model for risk management Risks: assume eg researchers are foolish and lazy but well-intentioned Impacts: will the world collapse if this data gets out? Accept risk example: not planning to do anything in the VML to stop researchers writing down form the screen Multi-dimensional model: use VML example John Deutsch Institute: Access to Business Data May Felix Ritchie

6 Cost & benefits: ways forward?
Open approach to risk management Buy-in by NSI clients Explicit acceptance of need to make value judgements about public good Risk management: NSI take user needs and own objectives much more into account; treat risk as a something to be managed, not a target to be achieved Buy-in: Other govt depts (eg) need to sahre NSI’s view on data release: share info about needs, no mudslinging Public good: NSI (with support) takes a stand on public benefit – of which confidentiality is only a part John Deutsch Institute: Access to Business Data May Felix Ritchie

7 Summary: is the balance of risks right?
No …probably What’s needed? NSI: more understanding of the real world Researchers: more understanding of NSI Joint acceptance of residual risk John Deutsch Institute: Access to Business Data May Felix Ritchie

Download ppt "Access to business data: Is the balance of risks right?"

Similar presentations

Microdata access in practice Felix Ritchie. Overview Concerns Conceptual and practical concerns International practice UK experience Key lessons.

Microdata access in practice Felix Ritchie. Overview Concerns Conceptual and practical concerns International practice UK experience Key lessons.
The introduction of CAS into assessment in mathematics at the IBO Aspects of item design and student performance.

The introduction of CAS into assessment in mathematics at the IBO Aspects of item design and student performance.
BACK TO SCHOOL THEY GO!!! With Miss. Pezzuti 2014-2015 Please click the picture to hear a personal welcome to 5 th grade!

BACK TO SCHOOL THEY GO!!! With Miss. Pezzuti Please click the picture to hear a personal welcome to 5 th grade!
Queensland University of Technology CRICOS No. 00213J Ethical Use of Confidential Student Information Student Success Program Training.

Queensland University of Technology CRICOS No J Ethical Use of Confidential Student Information Student Success Program Training.
Users Are Not The Enemy A. Adams and M. A. Sasse Presenter: Jonathan McCune Security Reading Group February 6, 2004.

Users Are Not The Enemy A. Adams and M. A. Sasse Presenter: Jonathan McCune Security Reading Group February 6, 2004.
The University of California Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services.

The University of California Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services.
Top tips that Financial Planners can learn from Accountants about running their firms Ian Pickford Partner Mazars LLP Director Mazars Financial Planning.

Top tips that Financial Planners can learn from Accountants about running their firms Ian Pickford Partner Mazars LLP Director Mazars Financial Planning.
Access to sensitive data in the UK: a principles-based approach Felix Ritchie.

Access to sensitive data in the UK: a principles-based approach Felix Ritchie.
UK Data Access Practices Felix Ritchie. Overview The legislative model The data model The security model Developments Current key concerns.

UK Data Access Practices Felix Ritchie. Overview The legislative model The data model The security model Developments Current key concerns.
User-centred, evidence-based, risk- managed access to data Hans-Peter Hafner 1, Rainer Lenz 1,2, Felix Ritchie 3, Richard Welpton 4 1 Technical University.

User-centred, evidence-based, risk- managed access to data Hans-Peter Hafner 1, Rainer Lenz 1,2, Felix Ritchie 3, Richard Welpton 4 1 Technical University.
Incentive compatibility in data security Felix Ritchie, ONS (Richard Welpton, Secure Data Service)

Incentive compatibility in data security Felix Ritchie, ONS (Richard Welpton, Secure Data Service)
Copyright © 2007 Pearson Education Canada 7-1 Chapter 7: Audit Planning and Documentation.

Copyright © 2007 Pearson Education Canada 7-1 Chapter 7: Audit Planning and Documentation.
The financial costs and benefits of alcohol The financial costs and benefits of alcohol Christine Godfrey Department of Health Sciences & Centre for Health.

The financial costs and benefits of alcohol The financial costs and benefits of alcohol Christine Godfrey Department of Health Sciences & Centre for Health.
Digital Citizenship by Robert Scherf and Carlos San Juan.

Digital Citizenship by Robert Scherf and Carlos San Juan.
CS426Fall 2010/Lecture 171 Computer Security CS 426 Lecture 17 Market Failure of Secure Software.

CS426Fall 2010/Lecture 171 Computer Security CS 426 Lecture 17 Market Failure of Secure Software.
John Deutsch Institute: Access to Business Data Access to business data: Is the balance of risks right? Felix Ritchie.

John Deutsch Institute: Access to Business Data Access to business data: Is the balance of risks right? Felix Ritchie.
Technology In Schools BY Desmond Thomas. How many of you like using technology in school?

Technology In Schools BY Desmond Thomas. How many of you like using technology in school?
Managing Time Barrie Humphreys Better Human Resource Management Ltd.

Managing Time Barrie Humphreys Better Human Resource Management Ltd.
MRCPsych Communication Skills Module

MRCPsych Communication Skills Module
Technology and Business Continuity

Technology and Business Continuity

Similar presentations

Ads by Google