Strengthening Data Security Dr. Sharon Bolton Dr. Matthew Woollard.

Slides:



Advertisements
Similar presentations
Reconciling the sharing of research data with ethical review for research with people as participants Dr Veerle Van den Eynden UK Data Archive Data support.
Advertisements

Quality Improvement in the ONS Cynthia Z F Clark Frank Nolan Office for National Statistics United Kingdom.
Data security and controlling access Managing research data well workshop London, 30 June 2009 Manchester, 1 July 2009.
The Economic and Social Data Service (ESDS) Karen Dennison, Support Services Manager, UK Data Archive April 2008.
Accessing and managing data in a secure environment: the Secure Data Service Matthew Woollard Head of Digital Preservation and Systems, UKDA The significance.
New Services for Data Creators and Providers Louise Corti, Head ESDS Qualidata/ Outreach & Training Alasdair Crockett, ESDS Data Services Manager.
UK Data Archive Microdata Access and the New ESRC Secure Data Service Melanie Wright, UKDA 2 nd Workshop on Data Access Cardiff, February 2009.
Samples of Anonymised Records from the 2001 Census Five different microdata files - with varying amounts of detail Three different modes of access - with.
The Statistics Act and Research Access to Data Paul J Jackson Legal Services ONS.
ONS Research Data Access Strategy AGENDA Background and context Confidentiality The Strategy.
Eurostat T HE E UROPEAN PROCESS OF ENHANCING ACCESS TO E UROSTAT DATA A LEKSANDRA B UJNOWSKA E UROSTAT.
National Science Foundation Division of Science Resources Statistics May The Confidential Information Protection and Statistical Efficiency Act.
Implementation of the CoP in SLOVENIA Cooperation with data users Genovefa RUŽIĆ Deputy Director-General.
Secure Data Service: an improved access to disclosive data Reza Afkhami, Melanie Wright Secure Data service UKDA University of Essex IASSIST 2010, Ithaca,
In a Virtual Data Centre Protecting Confidentiality COMPUTATIONAL INFORMATICS Christine O’Keefe, Mark Westcott, Adrien Ickowicz, Maree O’Sullivan, CSIRO.
The Special Licence model for access to more detailed micro data IASSIST 2006 Thursday 25 May Karen Dennison UK Data Archive.
The UK Statistics and Registrations Services Act Tanvi Desai Data Manager LSE Research Laboratory Research Laboratory IASSIST Tampere.
Is Mobility of Data a Special Problem for Qualitative Research? John Southall ESDS Qualidata A service provider of the UK Data Archive.
Computer Security: Principles and Practice
Security Policies Group 1 - Week 8 policy for use of technology.
Instructions and forms
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Welcome ISO9001:2000 Foundation Workshop.
CSP Annual Security Training Miranda Gregory, CSP Analyst Carroll County Department of Citizen Services.
RoadTek Business Systems Ownership Briefing Session July 2003.
CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.
Regional Seminar on Census Data Archiving for Africa, Addis Ababa, Ethiopia, September 2011 Overview of Archiving of Microdata Session 4 United Nations.
HIPAA PRIVACY AND SECURITY AWARENESS.
DATA MANAGEMENT SUPPORT FOR RESEARCHERS …………………………………………
Introducing Research Ethics: Policy and Procedure
Guidelines for data preparation - ESRC Datasets Policy Louise Corti ESDS/UKDA Social Science Data Archives for Social Historians: creating, depositing.
Statistics Canada’s Real Time Remote Access Solution 2011 MSIS Meeting – Karen Doherty May 2011.
Dissemination to support Research & Analysis John Cornish.
Plans for Access to UK Microdata from 2011 Census Emma White Office for National Statistics 24 May 2012.
Access to microdata in Europe P resented by Michel Isnard – Insee DwB Training Course, Barcelona, Jan
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture a This material (Comp7_Unit7a) was developed by.
ESRC Datasets Policy and Qualitative Data Preparation Gill Backhouse Senior Acquisitions and Liaison Officer Qualidata.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
Developing and improving data resources for social science research A strategic approach to data development and data sharing in the social sciences Peter.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Name Position Organisation Date. What is data integration? Dataset A Dataset B Integrated dataset Education data + EMPLOYMENT data = understanding education.
UK Data Access Practices Felix Ritchie. Overview The legislative model The data model The security model Developments Current key concerns.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
1 ARRO: Anglia Ruskin Research Online Making submissions: Benefits and Process.
OPEN UP! Introduction to handling Freedom of Information requests.
About the Secure Data Access For the academic research community in the UK Delivered by the UK Data Service/Archive Funded by the Economic and Social Research.
Data for secondary analysis: the experience of the UK Data Archive Hilary Beedham UK Data Archive.
Development of UK Virtual Microdata Laboratory Felix Ritchie Shanghai, March 2010.
Breakaway Session 2: Data Protection and The Role of the Data Protection Supervisor Michael Mingle Director, NTSS Solutions (UK) D ATA P ROTECTION C ONFERENCE.
Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.
Why a Commercial Provider should Join the Academic Cloud Federation David Blundell Managing Director 100 Percent IT Ltd Simple, Flexible, Reliable.
By: Mark Reed.  Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Welcome to the ICT Department Unit 3_5 Security Policies.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Handling Personal Data & Security of Information Paula Trim, Information Officer, Children’s Strategic Services, Mon – Thurs 9:15-2:15.
Records Coordinator Roles and Records Skills Kathryn Dan.
Expanding the Role of Synthetic Data at the U.S. Census Bureau 59 th ISI World Statistics Congress August 28 th, 2013 By Ron S. Jarmin U.S. Census Bureau.
Anonymising quantitative data
Accountability & Structured Privacy Management
Development of UK Virtual Microdata Laboratory
Integrated Management System and Certification
Karen Dennison Collections Development Manager
Quality Workshop The Local Council Award Scheme is a great guide for good practice in our sector and a way for councils to build confidence in their.
Move this to online module slides 11-56
Security Awareness Training: System Owners
Research Ethics and Integrity Officer
Sabrina Iavarone Senior User Services Officer
Neopay Practical Guides #2 PSD2 (Should I be worried?)
A strategic approach to data development and data sharing in the social sciences Peter Elias NCRM/SRA Workshop: "Data Linkage: Exploring the Potential"
Presentation transcript:

Strengthening Data Security Dr. Sharon Bolton Dr. Matthew Woollard

Background High-profile UK government data losses:  Statistics and Registration Services Act 2007  criminal penalties for disclosure of confidential information  protect personal data, restore public confidence  established UK Statistics Authority  Data Handling Procedures in Government (Hannigan Report), 2008  Mandatory Minimum Measures for data handling  UKDA – strong data security and confidentiality practices, but time to respond

Holistic approach Examined practice in all areas of UKDA business:  Confidentiality – advising data creators  Security in internal data handling and storage – human and technological procedures  Security in secondary data use – advising and educating users

Data creators: government UKDA works to balance disclosure risk with sufficient detail for effective research ONS release all data via Microdata Release Panel, tested and access-controlled – Special Licence, End User Licence Some government departments may still need guidance: UKDA/ESDS helping to enable ONS advice to them

SL vs. EUL vs. SDS EUL – standard access for majority of UKDA users: – No data below GOR, demographic data banded/aggregated – Users already agree in EUL not to try to identify individuals. SL – registered EUL users gain Approved Researcher (AR) status – Finer level of geographic detail (UA, NUTS2 and 3), more detailed demographics. SL does bring administrative burden – hold two versions of data, process AR applications UKDA launches Secure Data Service (SDS) October 2009 – further levels of security and user training for more disclosive data

Data creators: researchers UKDA works to balance disclosure risk with sufficient detail for effective research Smaller-scale academic projects may not have benefit of govt resources or background knowledge Individual advice on data edits – quantitative and qualitative Data management training for researchers Every dataset is individual, but internal guidelines written into procedures to ensure standardisation where possible across UKDA advice.

Data handling Internal procedures scrutinised: handling and storage of dataset files and associated admin materials, human/technological Data security procedures; Confidentiality Agreement UKDA Security Plan, UKDA Preservation Policy Respect staff professionalism and existing good practice Maintain internal standards and promote external confidence Regular update according to developments in govt/techno/digital preservation standards

Data users Strengthen existing guide to data handling and security Effective sanctions and breach policy Represent data users’ interests, encourage data creators to release data with sufficient detail for useful analysis Encourage dialogue between data creators and users Train users in data security: workshops, SDS

Technological solutions Maintain technical infrastructure to international standards (ISO in particular) Update regularly with advances and standards Systems testing and security plan – SQL injection, cross-site scripting etc., Breaches procedures (and for SDS too) Technological solutions to data access – security- controlled remote access software (SDS)

Further information Confidentiality and data security (quantitative/qualitative) Guidance for users Workshops ONS advice on Statistics and Registration Services Act act/index.html Government Mandatory Minimum Measures pdf