Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access to confidential data: Is the balance of risks right?

Published byJoseph Peters Modified over 5 years ago

Similar presentations

Presentation on theme: "Access to confidential data: Is the balance of risks right?"— Presentation transcript:

1 Access to confidential data: Is the balance of risks right?
Felix Ritchie 3rd Workshop on Data Access: Ann Arbor, May 2010

2 The contention Access to confidential NSI data is poor because
Incentives don’t encourage it Inappropriate risk assessment 3rd Workshop on Data Access: Ann Arbor May Felix Ritchie

3 Incentives Benefits of use Risks of use Risks of non-use
More information available to the public Risks of use Loss of confidentiality Risks of non-use Less information circulates Benefit to public Cost to NSI Cost to public Benefits of use also accrue to NSI – better info on stats, free consultancy etc. Important for internal politics but not for the wider aspect so ignore here Risks of use could also include bad policy making due ot poor understanding of data – ignore. Assumption is that more info is good and bad policy will be made with or without evidence Risks of non-use as missing evidence – higher chance of bad policy making (but not necessarily) 3rd Workshop on Data Access: Ann Arbor May Felix Ritchie

4 Are we overly risk-averse?
Worst-case scenarios Reliance upon theory, not experience Overstatements of impact Silo mentality Fear of the new Worst-case scenario example: IT specialist arguing that intruder would spend four years getting a stats degree as a way of getting access to my lab Theory not experience example: Discussion group thread about the need to model the real world “Yes! How can we mathematically model these real world scenarios?” - Second example: lots of examples of academics doing stupid things; no evidence of malicious conduct Impact example: little impact from release of business data, although could be significant from personal data Silo mentality: our lovely IT friend creating increasingly complex remote job system, ignoring the possibility of training researchers/output checking Fear of the new example: abandoning the VML in favour of the Longitudinal Study, a system which let support officers log on visiting researchers using the SO’s own user name and password, giving them access to , internet, interal ONS files etc 3rd Workshop on Data Access: Ann Arbor May Felix Ritchie

5 Risk assessment: way forward?
Focus on practical risks Focus on practical impacts Accept non-negligible risk Explicitly multi-dimensional model for risk management Risks: assume eg researchers are foolish and lazy but well-intentioned Impacts: will the world collapse if this data gets out? Accept risk example: not planning to do anything in the VML to stop researchers writing down form the screen Multi-dimensional model: use VML example 3rd Workshop on Data Access: Ann Arbor May Felix Ritchie

6 Identifying public benefits: Ways forward?
Net benefit of release key criterion Confidentiality as a cost element? Active involvement of users in decisions Risk management rather than targeting Risk management: NSI take user needs and own objectives much more into account; treat risk as a something to be managed, not a target to be achieved Buy-in: Other govt depts (eg) need to sahre NSI’s view on data release: share info about needs, no mudslinging Public good: NSI (with support) takes a stand on public benefit – of which confidentiality is only a part 3rd Workshop on Data Access: Ann Arbor May Felix Ritchie

7 Summary: is the balance of risks right?
…? 3rd Workshop on Data Access: Ann Arbor May Felix Ritchie

Download ppt "Access to confidential data: Is the balance of risks right?"

Similar presentations

Queensland University of Technology CRICOS No. 00213J Ethical Use of Confidential Student Information Student Success Program Training.

Queensland University of Technology CRICOS No J Ethical Use of Confidential Student Information Student Success Program Training.
Users Are Not The Enemy A. Adams and M. A. Sasse Presenter: Jonathan McCune Security Reading Group February 6, 2004.

Users Are Not The Enemy A. Adams and M. A. Sasse Presenter: Jonathan McCune Security Reading Group February 6, 2004.
Access to sensitive data in the UK: a principles-based approach Felix Ritchie.

Access to sensitive data in the UK: a principles-based approach Felix Ritchie.
User-centred, evidence-based, risk- managed access to data Hans-Peter Hafner 1, Rainer Lenz 1,2, Felix Ritchie 3, Richard Welpton 4 1 Technical University.

User-centred, evidence-based, risk- managed access to data Hans-Peter Hafner 1, Rainer Lenz 1,2, Felix Ritchie 3, Richard Welpton 4 1 Technical University.
Community Safety and Disability Anne Lawtey Community Safety Partnership Manager.

Community Safety and Disability Anne Lawtey Community Safety Partnership Manager.
Frontline Enterprise Security

Frontline Enterprise Security
The financial costs and benefits of alcohol The financial costs and benefits of alcohol Christine Godfrey Department of Health Sciences & Centre for Health.

The financial costs and benefits of alcohol The financial costs and benefits of alcohol Christine Godfrey Department of Health Sciences & Centre for Health.
John Deutsch Institute: Access to Business Data Access to business data: Is the balance of risks right? Felix Ritchie.

John Deutsch Institute: Access to Business Data Access to business data: Is the balance of risks right? Felix Ritchie.
Tackling In-Work Poverty Across Europe: Options for Campaigners EAPN General Assembly Oslo June 2012.

Tackling In-Work Poverty Across Europe: Options for Campaigners EAPN General Assembly Oslo June 2012.
Technology In Schools BY Desmond Thomas. How many of you like using technology in school?

Technology In Schools BY Desmond Thomas. How many of you like using technology in school?
Managing Time Barrie Humphreys Better Human Resource Management Ltd.

Managing Time Barrie Humphreys Better Human Resource Management Ltd.
Security Management in Practice

Security Management in Practice
Hannah Pollard- Admissions Progression Officer

Hannah Pollard- Admissions Progression Officer
Build an Enterprise IT Security Training Program

Build an Enterprise IT Security Training Program
Chapter 8 Dividend policy

Chapter 8 Dividend policy
Spontaneous recognition: Risk or distraction

Spontaneous recognition: Risk or distraction
Leadership in Education Awards Programme

Leadership in Education Awards Programme
Improving your finance function

Improving your finance function
Handout 2: Effective working relationships

Handout 2: Effective working relationships
The Demand for Audit and Other Assurance Services

The Demand for Audit and Other Assurance Services

Similar presentations

Ads by Google