ADLS Trusted Third Party Service
The use of identifiable data to create detailed, linked or enhanced datasets is of incredible importance for social science research. Such datasets allow researchers the opportunity to fully investigate human behaviour, their choices and wellbeing in order to improve policy, services and quality of life. Owners of data may also benefit from the creation of such datasets where research may have otherwise not been possible.
A major concern when releasing identifiable data is the risk of the disclosure of an individual’s identity or loss of the data. A Trusted Third Party mechanism minimises these risks. A Trusted Third Party (TTP) can be described as an organisation which has been authorised by another organisation to manage or process identifiable data for a specific purpose. Key features of a TTP are:
- It only processes data in accordance with instructions from the data owning organisation.
- Includes a safe haven which operates physical and electronic access controls to allow identifiable data to be managed securely.
- Has no specific interest in any data provided to it.
In 2007, the Prime Minister announced a review of the framework for the use of personal information in the public and private sectors. In 2008, the Data Sharing Review Report was published by Thomas and Walport. One of the conclusions reached was that there should be better use of sharing identifiable data safely in the field of research and statistical analysis using mechanisms such as TTPs.
TTPs are already established mechanisms for research throughout the world. In the UK there are several TTPs in operation, predominantly in the field of health. These include the Secondary Uses Service (SUS) programme, The NHS Information Centre’s Trusted Data Linkage Service and the General Practice Research Database.
The involvement of a Trusted Third Party is necessary for research where, even though the end product of the transform is not sensitive, the process of carrying out the transform carries data security and/or privacy risks.
There are two likely scenarios for the involvement of a TTP:
1) Data Enhancement
A researcher wishes to enhance the information available in the standard dataset, typically by utilising variables not in the standard dataset but available in the raw data. An example of this is the addition of ethnicity to a dataset through the use of surname.
2) Data Linkage
A researcher wishes to link two or more datasets. If all of the following are true, then the use of the ADLS TTP is recommended:
(i) Legal and/or policy constraints on the data holding organisation mean that they cannot allow the researcher access to the raw data to enable the researcher to carry out the transform themselves.
(ii)Expertise and/or resources are not available in house, at the data holding organisation, to carry out the proposed transformation. Or the transform involves datasets held by two different DSO’s neither of whom can pass their data to each other.
(iii) The data holding organisation is willing for the researcher to have access to the transformed data
(iv)The ADLS TTP team are happy that the procedures will produce a dataset which is sufficiently non-disclosive, (taking into account the environment in which the researcher is to access it).
(v)All ethical and legal responsibilities regarding the proposed use of the dataset are met.
You can download a flow diagram of the basic mechanisms of a TTP outlining these scenarios by clicking here.
The ADLS TTP
The ADLS TTP service provides researchers and data holding organisations a mechanism to enable the combining and enhancing of data for research to which may not have otherwise been possible because of data privacy and security concerns.
The facility is housed within a secure room within the Centre for Census and Survey Research (CCSR) at the University of Manchester, and has been audited by the Office for National Statistics. The room is only used to carry out disclosure risk assessment work and other work that requires access to identifiable data.
The ADLS TTP team have a long track record of handling and analysing confidential and disclosive data. The full mechanisms (including legal status and security) of how the ADLS TTP would operate are not detailed above and would vary on a case by case basis.
If you are contemplating research or releasing data that might require the use of the ADLS TTP then please feel free to contact us for further information and advice or to discuss your proposal in the first instance.