Incentive compatibility in data security Felix Ritchie, ONS (Richard Welpton, Secure Data Service)

Presentation transcript:


Overview
  Research data centres
  Traditional perspectives
  A principal-agent problem?
  Behaviour re-modelling
  Evidence and impact

Research data centres
  Controlled facilities for access to sensitive data
  Enjoying a resurgence as ‘virtual’ RDCs
    –Exploit benefits of an RDC
    –Avoid physical access problems
  ‘People risk’ key to security

The traditional approach

Parameters of access
  NSI
    –Wants research
    –Hates risk
    –Sees security as essential
  Researcher
    –Wants research
    –Sees security as a necessary evil
  a classic principal-agent problem?

NSI perspective
  Be careful
  Be grateful

Researcher perspective
  Give me data
  Give me a break!

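Objectives
  $V_{NSI} = U(\text{risk}^{-}, \text{Research}^{+}) - C(\text{control}^{+})$
  $V_i\ (\text{researcher } i) = U(\text{research}_i^{+}, \text{control}^{-})$
  $\text{risk} = R(\text{control}^{-}, \text{trust}^{-}) < R_{\min}$
  $\text{Research} = f(V_i^{+})$

A principal-agent problem?
  NSI:
    $\text{Trust} = T(\text{law}_{\text{fixed}}) = T(\text{training}(\text{law}_{\text{fixed}}), \text{law}_{\text{fixed}})$
    Maximise research s.t. maximum risk
    $\text{Risk} = \text{Risk}_{\min}$
  Researcher:
    $\text{Control} = \text{Control}_{\text{fixed}}$
    Maximise research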

Dependencies
  [Diagram; node labels: research_i, V_i, trust, control, Research, Risk, V_NSI; legend: choice variables]

Consequences: inefficiency?
  NSI
    –Little incentive to develop trust
    –Limited gains from training
    –Access controls focus on deliberate misuse
  Researcher
    –Access controls are a cost of research
    –No incentive to build trust

More objectives, more choices
  [Diagram; node labels: research_i, V_i, trust, control, Research, Risk, V_NSI, training, effort]

Intermission: What do we know?

Conversation pieces
  Researchers are malicious
  Researchers are untrustworthy
  Researchers are not security-conscious
  NSIs don’t care about research
  NSIs don’t understand research
  NSIs are excessively risk-averse
  ☒ ☑ ☒ ☒ ☑ ☑

Some evidence
  Deliberate misuse
    –Low credibility of legal penalties
    –Probability of detection more important
    –Driven by ease of use
  Researchers don’t see ‘harm’
  Accidental misuse
    –Security seen as NSI’s responsibility
  Contact affects value

Developing true incentive compatibility

Incentive compatibility for RDCs
  Align aims of NSI & researcher
    –Agree level of risk
    –Agree level of controls
    –Agree value of research
  Design incentive mechanism for default
    –Minimal reward system
    –Significant punishments
  Bad economics?

Changing the message (1) behaviour of researchers
  Aim
    –researchers see risk to facility as risk to them
  Message
    –we’re all in this together
    –no surprises, no incongruities
    –we all make mistakes
  Outcome
    –shopping
    –fessing

Changing the message (2) behaviour of NSI
  Aim
    –positive engagement with researchers
    –realistic risk scenarios
  Message
    –research is a repeated game
    –researchers will engage if they know how
    –contact with researchers is of value per se
    –we all make mistakes
  Outcome
    –improved risk tolerance

Changing the message (3) clearing research output
  Aim
    –clearances reliably good & delivered speedily
  Message
    –we’re human & with finite resources/patience
    –you live with crude measures, but
    –you tell us when it’s important
    –we all make mistakes
  Outcome
    –few repeat offenders
    –high volume, quick response, wide range
    –user-input into rules

Changing the message (4) VML-SDS transition
  Aim
    –get VML users onto SDS with minimal fuss
  Message
    –we’re human & with finite resources/patience
    –don’t ask us to transfer data
    –unless it’s important
  Outcome
    –most users just transfer syntax
    –(mostly) good arguments for data transfer

Changing the message: summary
  we all know what we all want
  we all know each other’s concerns
  we’ve all agreed the way forward
  we are all open to suggestions
  we’re all human

IC in practice
  Cost
    –VML at full operation c.£150k p.a.
    –Secure Data Service c. £300k
    –Denmark, Sweden, NL €1m-€5m p.a.
  Failures
    –Some refusals to accept objectives
    –VML bookings
    –Limited knowledge/exploitation of research
    –Limited development of risk tolerance

Summary
  ‘Them and us’ model of data security is inefficient
  Punitive model of limited effectiveness
  Lack of information causes divergent preferences
  Possible to align preferences directly
  It works!

Felix Ritchie Microdata Analysis & User Support ONS

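Objectives
  $V_{NSI} = U(\text{risk}^{-}, \text{Research}^{+}) - C(\text{control}^{+})$
  $V_i\ (\text{researcher } i) = U(\text{risk}^{-}, \text{research}_i^{+}, \text{control}^{-})$
  $\text{risk} = R(\text{control}, \text{trust})$
  $\text{control} = C(\text{compliance}, \text{trust})$
  $\text{trust} = T(\text{training}, \text{compliance})$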