‘Five Safes’ or ‘One Plus Four Safes’? Musing on project purpose

Posted on

by Felix Ritchie and Francesco Tava

A recent working paper discusses the ‘Fives Safes’ framework for confidential data governance and management. This splits planning into a number of separate but related topics:

  • safe project: is this an appropriate use of the data? Is there a public benefit, or excessive risk?
  • safe people: who will be using the data? What skills do they have?
  • safe setting: how will the data be accessed? Are there limits on transferring it?
  • safe data: can the detail in the data be reduced without excessively limiting its usefulness?
  • safe outputs: is confidentiality protected in products such as tables of statistics?

This framework has been widely adopted, particularly in government, both as a practical guide (eg  this one ) and as a basis for legislation (eg the UK Digital Economy Act or the South Australia data sharing legislation

As a practical guide, there is one obvious limitation. There is no hierarchy among the ‘safes’, and they are all interrelated; so which should you put most emphasis on?

We use the Five Safes to structure courses in confidential data management. One of the exercises asks the attendees to rank them as ‘what should we be most/least concerned with?’ The point of the exercise is not to come up with a definitive ranking, but to get the attendees to think about how different elements might matter in different circumstances.

This exercise generates much discussion. Over the years, we have had participants putting forward good arguments for each of the Five Safes as being the most important. Traditionally, and in the academic literature, Safe Data is seen as the most important: reduce inherent risk in the data, and all your problems go away. In contrast, in the ‘user centred’ planning we now advocate (eg here], Safe People is key: know who your users are, and design ethical processes, IT systems, training and procedures for them.

When training, this is the line we usually take, because we are training people to use systems which have already been designed. The aim of the training is to help people understand the community they are part of. Our views are therefore coloured by the need to work within existing systems.

Our thinking on this has been challenged by the developments in Australia. The Australian federal government is proposing a cross-government data sharing strategy based on the ‘Australian Data Sharing Principles’ (ADSPs). The ADSPs are based on the Five Safes but designed as a detailed practical guide to Australian government departments looking to share data for analysis. As part of the legislative process, the Australian government has engaged in an extensive consultation since 2018, including public user groups, privacy advocates, IT specialists, the security services, lawyers, academic researchers, health services, the Information Commissioner, and the media.

Most of the concerns about data sharing arising in the consultation centre on the ‘safe project’ aspect. Typical questions that cropped up frequently included:

  • How do we know the data sharing will be legal/appropriate/ethical?
  • Who decides what is in the ‘public interest’?
  • How do you prevent shared data, approved for one purpose, being passed on or re-used for another purpose without approval?
  • What sort of people will we allow to use the data? Should we trust them?
  • What will happen to the data once the sharing is no longer necessary? How is legacy data managed?
  • Do we need to lay down detailed rules, or can we allow for flexible adherence to principles?
  • Where are the checks and balances for all these processes?

These are all questions which need to be addressed at the design stage: define the project scope, users and duration, and then assess whether the likely benefits outweigh costs and reasonable risks. If this can’t be done… why would you take the project any further?

Similarly, in recent correspondence with a consulting firm, it emerged that a key part of their advice to firms on data sharing is about use: the lawfulness of the data sharing is relatively easy to establish – once you have established the uses to which that shared data will be put. Some organisations have argued that there should be an additional ‘safe’ just to highlight the legal obligations.

This is particularly pertinent for data sharing in the public sector, where organisations face continual scrutiny over the appropriate use of public money. A clear statement of purpose and net benefits at the beginning of any project can make a substantial difference to the acceptability of the project. And whilst well-designed and well-run projects tend to be ignored by people not involved, failures in public data sharing (eg Robodebt or care.data) tend to have negative repercussions far beyond the original problems.

This is not the only concern facing data holders in a digital age of multi-source data. Handling confidential data always involves costs and benefits. Traditional approaches that focus on Safe Data identify the data holder as the relevant metric for these costs and benefit. A recent paper shows how this vision is at odds with the most recent developments in the information society that we live in. Consider the use of social media in research: is any of the actions by the author, the distributor or the researcher sufficient in itself to establish the moral authority of an end use? In this modified context, traditional ethical notions such as individual agency and moral responsibility are gradually substituted by a framework of distributed morality, whereby multiagent systems (multiple human interactions, filtered and possibly extended by technology) are responsible for big morally-loaded actions that take place in today’s society (see on this).

In this complex scenario, taking the data holder as the only arbiter of data governance might be counterproductive, insofar as practices that are morally neutral for the data holder (for example, refusing to consider data sharing) could damage the multiagent infrastructure which that data holder is part of (eg limiting incentives to participate). On the other hand, practices that can cause a minor damage to one of the agents (such as reputational risk for the data holder) could lead to major collective advantages, whose attainment would justify that minor damage, and make acceptable on a societal basis.

In order to minimise the risks, an innovative data management approach should look at the web of collective and societal bonds that links together data owners and users. In practice, this means that decision-making regarding confidential data management will not be grounded on the individual agency and responsibility of individual agents, but will rather correspond to a balance of subjective probabilities. On these premises, focusing on the Safe Project makes pre-eminent the notion that data should be made available for research purposes if the expected benefit to society outweighs the potential loss of privacy for the individual. The most challenging question is, of course, how to calculate this benefit, when so many of the costs and benefits are unmeasurable.

And this is the difference between Safe Projects and the others. ‘Safe projects’ addresses the big conceptual questions. Safe people, safe settings and safe outputs are about the systems and procedure to implement those concepts, whilst Safe Data is the residual (select an appropriate level of detail once the context is defined). So rather than Five Safes perhaps there should be One Plus Four Safes…

About the authors

Felix Ritchie is Professor of Applied Economics in the department of Accounting Economics and Finance

Francesco Tava is Senior Lecturer in Philosophy in the Department of Health and Applied Social Sciences

Invitation to sit with the Wage & Employment Dynamics (WED) Team

Posted on

You’re invited to sit with the Wage & Employment Dynamics (WED) team on
27 July 2020 at 10:30 am – 11:00 am.

The WED project is building new data that will increase our understanding of how people’s wages progress through their career. At the project’s core is the development of a new version of the Annual Survey of Hours and Earnings (ASHE) dataset, which is being linked to various other official datasets (e.g. Census) for public use. The linked dataset will enable new research on a wide range of wage and employment issues, from labour market entry, through job mobility and career progression to retirement. In this introduction, Professor Felix Ritchie will outline the intended outputs from the project and explain how researchers and analysts will be able to access the resulting data.

Register your interest in attending here.

Energy Contagion in the COVID-19 Crisis

Posted on

By Reinhold Heinlein

At the time of the COVID-19 crisis, the oil market has suffered an unprecedented crisis, with the WTI crude oil price dropping into negative territory (-$37.63 per barrel) in April 2020. At the same time, the oil/stock market nexus is not clear cut and limited studies have considered the impact of crises in the oil market. A new working paper by researchers at UWE, Keele and Portsmouth investigates this unique situation.

Using a high frequency dataset (collected at intervals of 5 minutes), for a selected sample of oil importing and exporting countries across G7, BRICS and Scandinavian economies, we demonstrate the existence of an energy contagion, in terms of a consistently higher interdependence between stock markets and the crude-oil market during the COVID-19 driven oil crisis. Such results applies to all countries in our sample, although oil exporters are shown to have been hit more heavily, with Russia exhibiting the highest contagion.

Overall, our results confirm the importance of crude oil on stock markets, which have been shown to behave as a market of one during the recent crisis.

Reference and link: Reinhold Heinlein (Bristol Business School) is currently researching on the link between crude oil prices and stock markets during the COVID-19 pandemic, in a new paper, “Energy Contagion in the COVID-19 Crisis” written with Gabriella Legrenzi (Keele University) and Scott Mahadeo (Portsmouth University) and published in the CESifo Working Paper series No. 8345.

View the full working paper here.

Bringing Together Data to provide insights into Earnings & Employment

Posted on

The Wage and Employment Dynamics (WED) project aims to bring together data to provide insights into the dynamics of earnings and employment. The aim is to do this by integrating data across individuals across years, jobs, income sources and employers. This is a large project, with significant potential to improve our understanding of wage and employment issues from labour market entry, through job mobility and career progression to retirement decisions.

A team of researchers from UWE, University of London (CUL), UCL, and the National Institute of Economic and Social Research (NIESR) will create a wage and employment spine to do just this. We will train users on the spine and generate research findings of direct interest to policy makers. 

This will entail analysis of:

  • Employment: focusing on the drivers of hourly wages, part- and full-time employment, self-employment, underemployment, and retirement decisions
  • Households: focusing on the structure of households and household resources and the way they affect participation in the labour market, including child care, retirement decisions, and the impact of Universal Credit (UC)
  • Employer perspectives: focusing on how workers achieve wage growth both within and across firms, and how employers react to changing labour market conditions, such as shifts in skills, demand, technology and minimum wages.

At the heart of the project is the Annual Survey of Hours and Earnings (ASHE) and New Earnings Survey (NES). These survey datasets derive from a 1% sample of all employees in employment and will be developed to provide a truly longitudinal research resource. An ASHE/NES dataset which has longitudinal integrity across workers and jobs, with consistent referencing across data sets and time, will constitute a valuable research asset in its own right.

In addition, we aim to undertake six major linkage projects, in which we will create robust, documented linkages between the employee records contained in ASHE and data on:

  • enterprises and establishments – contained in the Interdepartmental Business Register, (IDBR);
  • personal and household characteristics – contained in the 2011 Census;
  • educational attainment – contained in HESA (Higher Education Student data);
  • benefit history – contained in DWP benefit records;
  • pay records – contained in HMRC PAYE data;
  • self-employment income – contained in HMRC Self Assessment (SA) records.

Through these various linking projects, we aim to create a core data set which allows integrated analysis of all forms of income across working lives, with the capacity to address a wide range of future analytical requirements. The end goal of the project is to turn this fully-linked dataset into a sustainable ‘wage and employment spine’ (WES), so that researchers no longer need to create new linkages each time. The linked data will be used for research purposes within the project itself, but the spine will form an ongoing resource for researchers. The intention is for the WES to form the basis for linked-data projects beyond 2022, both for academics and government agencies.

To find out more visit the WED website or sign up to their newsletter.

Online Event: Rules vs. Principles-based Regulation: What can we learn from different professions?

Posted on

Bristol Centre for Economics and Finance is hosting an online event on 28th May 2020: Rules vs. Principles-based Regulation: What can we learn from different professions?

There is an active debate in many disciplines about the most appropriate approach to regulation and enforcement. The workshop intends to bring together participants from different disciplines to provide an overview of the predominant approaches, along with the respective debates, experiences, and challenges. Common experiences and core issues can be identified.

The workshop aims to spark debate about regulation and whether we, across disciplines, could respond differently to the challenges we face and find novel ways to more efficient regulation.

Obtaining insight into other disciplines’ experiences shall enable us to rethink the predominant approaches. By learning from each other we can ask: Can we do better, both in our own disciplines and the common regulatory landscape? Might there be a better way?

The event is of interest to both public and private sector participants: Policy-makers, government enforcement agencies, academics, and industry professionals in the area of, and affected by, regulation, in various disciplines.

Sign up for this free event here

Workshop programme

13:00 – 13:05 Welcome Professor Felix Ritchie
  Cluster 1 Presentations: Data regulation in the public and private sector
13:05 – 13:15 Data in the public/private sector Design of incentive systems/evidence base Professor Felix Ritchie/Elizabeth Green
13:15 – 13:25 Data in the public sector Organisational trust Andrew Engeli – Office for National Statistics
13:25 – 13:35 Data in the private sector (I) Data Protection & Privacy Martin Hickley – Director Martin Hickley Data Solutions Limited
13:35 – 13:45 Data in the private sector (II) Data Analytics & Privacy Luk Arbuckle – Chief Methodologist Privacy Analytics
13:45 – 14:15 Cluster 1 Discussion
14:15 – 14:25 Break
  Cluster 2 Presentations: Financial markets and accounting
14:25 – 14:35 Rules vs principles in financial markets Financial Regulation & Compliance Expert witness Paul Keenan – Visiting Practitioner Professor in Financial Regulation in the Business and Law Faculty of the University of the West of England (UWE)
14:35 – 14:45 Rules vs principles in accounting (I) Practical accounting & Regulator Perspective Bryan Foss – Digital Non-Executive Director, Risk & Audit Chair, Visiting Professor and Board Readiness Coach
14:45 – 14:55 Rules vs principles in accounting (II) Auditing & Corporate Governance Ismail Adelopo/Florian Meier
14:55 – 15:25 Cluster 2 Discussion
15:25 – 15:35 Break
  Cluster 3 Presentations: Legal perspective and non-financial regulation
15:35 – 15:45 Legal perspective Financial crime Nicholas Ryder – Professor in Financial Crime
15:45 – 15:55 Non-financial regulation Modern slavery and other required reporting Jaya Chakrabarti – CEO Semantrica Ltd (tiscreport)
15:55 – 16:25 Cluster 3 Discussion
16:25 – 16:55 Summary and Closing remarks Nicholas Ryder Professor in Financial Crime