Research data security: frameworks, compliance and best practice

A range of Trusted Research Environments (TREs) across the UK have adopted the Five Safes framework to guide their data security processes. The Five Safes comprise: 

• Safe people: All researchers who require access to secure data for their projects are subject to an application process and must be approved by the data provider. Researchers must also undergo appropriate information governance and data protection training, as well as demonstrate that they have the necessary technical skills to use the data, usually through academic qualifications or practical research experience. 
• Safe projects: Access to data is only granted for research in the public good. As part of the application process, researchers are required to demonstrate that their projects will use data appropriately and ethically, deliver clear public benefit, and that they will publish their results to enable use, scrutiny and further research.   
• Safe settings: Data can only be retrieved and analysed within a secure analytical environment such as a trusted research environment (TRE), which provides controlled access to secure datasets. Access to TREs may be remote or physical depending on the nature of the data requested. Read more about safe settings on our Trusted Research Environments and data access page.  
• Safe data: Data providers ensure that researchers are only able to access data that’s required in order to answer the project’s research questions. One way to achieve this is de-identification, in which any details that could potentially identify an individual, such as names, addresses and identification numbers, are removed or pseudonymised before data is made available for analysis.
• Safe outputs: All research outputs undergo disclosure assessment and statistical checking performed by one or two trained professionals to ensure outputs meet strict confidentiality standards before aggregated data can be released from the TRE. During this process, any potentially re-identifiable outliers are removed. 

Securing research data: eDRIS and the Scottish National Safe Haven

eDRIS data security provisions

Researchers requiring access to secure datasets will work with Research Coordinators from eDRIS, the electronic Data Research and Innovation Service within Public Health Scotland (PHS). To ensure data security and confidentiality, eDRIS follows the Scottish Government’s Guiding Principles for Data Linkage and adopts international best practice standards, including the following: 

• Secure data provisioning and backup delivered through state-of-the-art secure data technology within the Scottish National Safe Haven. 
• Robust information governance procedures that balance data protection and privacy with the need to support research that delivers public benefit. Data will only be accessed by researchers affiliated with approved organisations within TREs.  
• Secure file transfer protocols to support the transmission of data between data providers and TREs. 
• Strict data de-identification methods wherein separation of roles and robust indexing procedures are designed to minimise the risk of breaching individuals' privacy when using confidential, sensitive data. Personal identifiers are kept separate from the attribute/content data. 
• Controlled data linkages created and maintained using rigorous, internationally accepted privacy preserving protocols, direct or probabilistic matching, with clerical review available to increase matching accuracy where required. Any data can be requested for ethically approved research which aims to benefit the public in Scotland. Completion of missing data to improve quality and allow linkage between datasets can also be provided. 
• Secure environments (TREs/safe havens) provided for researchers to analyse de-identified individual level or summarised records. TRE access is dependent upon the nature of the data requested for a research project. 
• Confidentiality guaranteed through restricted access to securely stored confidential data. eDRIS uses statistical disclosure control methods on statistical outputs, such as graphics, tables or regression analyses, prior to release to ensure disclosure agreements are supported. 

These measures aim to ensure data providers are confident of the security of their data. Researchers can request more detailed information from their eDRIS Research Coordinators. 

Data security within the Scottish National Safe Haven

Secure access to national administrative and health data is provided through the Scottish National Safe Haven (NSH), a trusted research environment (TRE) provided by the EPCC at the University of Edinburgh and operated by eDRIS. The NSH is one of five TREs set up as collaborations between academia and NHS Scotland boards as part of the Charter for Safe Havens in Scotland (2015).  

The NSH meets several national and international security standards (ISO 27001:2013, Cyber Essentials, NHS England’s Digital Security Protection Toolkit and is Digital Economy Act (2017) accredited) and penetration testing is performed on an annual basis. Penetration testing is where an external company is contracted to fully test the security of a system by simulating a cyberattack. This helps discover potential points that could be exploited and ensures the systems in place to deal with breaches operate accordingly.  

Approved researchers are provided with study-specific logins designed to prevent cross access and only the data required for their study. Remote access to the data in the NSH requires two-factor authentication and only authorised IP ranges are allowed to connect. Furthermore, study areas within the NSH have restricted permissions regarding what can be accessed and edited, and there is no ability for users to connect to the internet or make external connections.    

All transfer of data into the National Safe Haven is performed by eDRIS staff via a secure file transfer process. Any outputs requested by researchers are subject to strict statistical checking and disclosure assessment to ensure that no individuals can be identified and that the outputs meet the highest confidentiality standards. 

Sanctions for misusing data

Research Data Scotland (RDS) and its partners are focussed on preventing misuse of data rather than issuing penalties. Furthermore, we believe that sanctions for misusing data will only be an effective deterrent if they are fully understood.  

Before data access is provided, each approved researcher must sign the eDRIS User Agreement. This Agreement outlines sanctions and penalties which may be applied in cases of non-compliance.  

An example offence is transferring login details to any other user. In this case, a first offence would result in a one-year access suspension, while a second offence would result in permanent suspension.