Safe People

What is a Safe Person?

‘Safe people’ asks the question ‘how much can I trust the users to use the data appropriately?’ This is not about good and bad people. ‘Trust’ in this case is ‘how much do I trust this person to be human ie make silly mistakes, or look for ways to get round onerous operating procedures’. Those humans could be data collectors, data managers, researchers. We should consider how training staff or users could impact this, and how to make that training effective. 

Examples of questions/issues being addressed: 

  • How is the data stored? 
  • Are there physical restrictions on the users? 
  • Does IT prevent unauthorised use? 
  • Are mistakes by authorised users likely to be detected? 

Why do we need training? 

One reason for training is to improve efficiency. If users or staff understand procedures, they are more likely to follow them actively. However, the more important reason is to address attitudes towards the use of confidential data. 

One reason for a relaxed attitude towards data security is that academics do not see themselves as a risk. Some responses include: 

  • On giving access to unauthorised users: ‘They are working with me; I trust them.’  
  • On storing data locally: ‘it’s my computer; no-one else can use it’ and ‘I’ve always worked like this, and I’ve never lost anything.’ 
  • On transferring data inappropriately: ‘If I can’t take my data with me to the conference I won’t get my paper finished’
  • On following procedures: ‘this is just ticking boxes; it doesn’t make any difference’ 
  • Overall: ‘you can trust me’; 

Good practice training involves behaviour change to deal with this. One influential couse which aims to effect behaviour change is safe researcher training (SRT). This is a national training program for researchers using secure ‘trusted research environments’. SRT is required for all the main social science secure facilities, and increasingly  in health research facilities. More information on training can be found here.

Possible ways to achieve safe settings: 

  • Using Trusted Research Environments (TREs), for example, ONS Secure Research Service or UK Data Service 
  • Using air-gapped systems; offline environments where data cannot be downloaded 
  • Screen monitoring could prevent screenshots or unauthorised copying 
  • Data Loss Prevention (DLP) tools block unauthorised transfers (i.e. USB restrictions) 
Scroll to Top