PLACEHOLDER temporary site

The Five Safes

Effective decision-making for data and risk management

The Five Safes is a framework for helping make decisions about making effective use of data which is confidential or sensitive. The Five Safes model also places statistical disclosure control (SDC) in its proper context, as part of a system approach to data security.

Although mainly aimed at public sector managers of statistical/research data, the messages in here should be relevant to all data owners, data scientists, and data users.

What is the 'Five Safes' framework?

The Five Safes breaks down the decisions surrounding data access and use into five related but separate dimensions:
Safe projectsIs this use of the data appropriate, lawful, ethical and sensible?
Safe peopleCan the researchers be trusted to use it in an appropriate manner?
Safe dataDoes the data itself contain sufficent informationto allow confidentialty to be breached??
Safe settingsDoes the access facility limit unauthorised use or mistakes?
Safe outputsAre the statistical results non-disclosive?

A data management solution considers all of these, but may decide to make some elements 'safer' than others. The point is that, overall, the design protects confidentiality through a mix of statistical and non-statistical solutions.

Another way to see this is to think about control: which elements can you control, what do you want to control, and what is beyond your reach? For example, making data freely avaialbe on the web implies that you have no contorl over why it is used, by whom, where, and the what end. THerefore, teh only hink you can do is control teh detail in the data itself.

These are dimensions of looking at the problem, not limits that need to be met. For example, if you were sure that the data would only be accessed in a very controlled environment by very trustworthy users, then the 'safe data' dimension can be largely ignored - it can be as 'unsafe' as you like.

The Five Safes in context, and this website

The Five Safes is a practical guide for decision making, but it developed in the wider EDRU (evidence-based, default-open, risk managed, user-centred) framework which has grown in recent years. This is a modern approach to confidential data management focusing on principles and attitudes, which largely rejects the worst-case hypothetical modelling that has dominated both practical implementations and the academic literature for the last forty years. Hence, this website covers the full range of concepts emobdied in the modern approach. It is, however, worth noting that the Five Safes can be used without needing hte other EDRU elements.

Other concepts associated with Five Safes thinking include 'principles-based output statistical disclosure control', 'active researcher management', 'safe statistics', and the 'data access spectrum'. This can be employed independnetly of any Five Safes plan (and often are) but teh ethos underlying them is very similar to Five Safes thinking; and hte Five Safes provides a hadny way of explainin ghow different elements fit together. Hence, this website brings together research on a lot of related issues so that a holistic picture of risk management can be taken.

There is a large literature on two of the Five Safes: projects (ethics, law and consent), and environments (IT systems). We do not provide a comprehensive guide to thee here. Insterad the aim is to show how asking the right questions can lead to substantially different answers.

There is almost no liteature on the 'people' dimension, especially in respect of training users.

Finally, there is a very large academic literature on preserving confidentiality by either reducing the disk in teh data, or in the outputs. This is 'statistical disclosure control' (SDC). It has been a well-established field for many years, and is often the first consideration for data owners. However, the literature pays little or no attention to the non-statistical dimensions of data risk. The Five Safes framework makes clear that statistical controls are only one dimension of control: the whole system needs to be considered. Hence, also directs to this website, to provide a modern holistic guide to SDC.

next level: