Responsible data sharing: what is the Five Safes Framework?
Data Privacy Day is an opportune moment to reflect on Smart Data Foundry’s approach to responsible data sharing and the Five Safes Framework we use to align with data sharing best practices.
At Smart Data Foundry we make private sector financial data accessible and discoverable to researchers, policy influencers and public sector organisations. By responsibly sharing this data, we aim to enable research and policies which can address critical social challenges such as poverty, inequality and economic wellbeing.
We are aware of the responsibility which comes with our stewardship of data. This responsibility is to the individuals whose data we hold, the data partners who share it, the researchers who access it and the general public who benefit from the recommendations and policies it prompts.
We are committed to responsible data sharing, which is the practice of sharing data in a way which complies with the law and prioritises ethical considerations, data minimisation and risk mitigation. Compliance with best practices such as the Five Safes Framework helps us to do this.
What is the Five Safes Framework?
The Five Safes Framework is a set of principles which enable data services to provide responsible access to data for research purposes and ensure that data is used for public good.
Originally developed by the Office for National Statistics (ONS) in the 2010s, it has evolved into a widely used framework for responsible data sharing for research and policy purposes.
How does Smart Data Foundry comply with the Five Safes Framework?
Five Safes Framework | How Smart Data Foundry complies |
Safe data Data is treated to protect any confidentiality concerns. | The data we receive is already de-identified, and we check this to ensure that data are effectively anonymised before being made available for approved projects. |
Safe projects Research projects are approved by data owners for the public good. | Research projects must fit with the uses agreed with data partners. We carry out an assessment to confirm this, and also to check that they align with the public good, and that ethical and legal requirements are satisfied. |
Safe people Researchers are trained and authorised to use data safely. | Researchers have to complete data protection training and training on how to use the Trusted Research Environment, and pass independent clearance checks before being granted access to the data. |
Safe settings A Trusted Research Environment prevents unauthorised use. | Micro-level data is only accessible via the Trusted Research Environment. Data Collections, which aggregate data based on certain characteristics, can only be accessed by request on the secure MyFoundry platform. |
Safe outputs Screened and approved outputs that are non-disclosive. | We check outputs to ensure that they are anonymous and that individuals cannot be reidentified. |
Responsible data sharing at Smart Data Foundry
Trusted Research Environment
Our Trusted Research Environment (TRE) is where we securely host micro-level data received from our data partners. Access to the TRE is strictly controlled by our Data Operations and Information Governance teams, with only authorised and trained researchers who submit an approved research proposal which meets the ethical and public good requirements being granted access.
The TRE is supported by a robust infrastructure from Edinburgh University’s EPCC and is designed for securely storing, accessing, and analysing sensitive datasets, meeting rigorous industry security standards.
Training our staff
All Smart Data Foundry staff undergo data protection training when they join, and this training is regularly refreshed. Staff are highly aware that data protection is always a key consideration whenever working with information about people.
This year, we are using Data Privacy Day (28th January) as an opportunity to remind our staff of the responsibilities we have under data protection legislation. We will be reminding them to ensure that we manage our records robustly and secure the information with which we are trusted effectively.
Data protection is essential for building trust with our users, partners and the public
Complying with data protection legislation is more than just a compliance requirement. We hope that getting it right will help us to demonstrate that we can be trusted in our work to enable impactful research and inform decision-making through unlocking financial data.
The data protection landscape continues to evolve, most recently with the introduction by the UK Government to the UK Parliament, last year, of its Data (Use and Access) Bill. We are following the Bill as it progresses, so that we can implement, promptly, any changes required in the future.
Whatever happens we want to ensure that, come next International Data Protection Day, our data protection framework remains compliant.
