Intro to public sector data
Learn more about what public sector data is and how it's used in research.
Learn about Trusted Research Environments and how they help researchers access data.
Data controllers have a legal and ethical responsibility to protect sensitive data. To keep data safe when it is used for research, data controllers often store public sector data in secure locations known as Trusted Research Environments (TREs): secure physical or digital environments which can only be accessed by approved researchers.
In the past, researchers could only analyse data after transferring it onto their own computer, making the data vulnerable to leaks or misuse. In recent years, TREs have been developed to allow research to be carried out inside a secure, controlled environment.
Data cannot be taken out of a TRE. Researchers can only export their aggregated analysis results, and only after they have been reviewed by output checkers to ensure that no sensitive person-level data is included.
Trusted Research Environments exist across the UK. In Scotland, they are often referred to as data safe havens, while in the rest of the UK they are sometimes called secure data environments or secure research environments.
To keep data secure, Trusted Research Environments are guided by the Five Safes framework – a set of principles designed to ensure safe and secure access to data for researchers.
To find out more about the Five Safes framework, read our explainer: What is the Five Safes framework?
One example of a Trusted Research Environment in Scotland is the National Safe Haven, which houses health data controlled by Public Health Scotland and other data controlled by the Scottish Government.
To access data in the National Safe Haven, researchers are granted access via a secure digital or physical environment. Since the start of the COVID-19 pandemic, remote digital environments have become the most common way of accessing data in the National Safe Haven.
To access the TRE remotely, researchers can use their own device to log on via a controlled virtual private network (VPN), with additional security measures including a two-factor authentication process to confirm the researcher’s identity before they can access data. Researchers are unable to export any data from the TRE until it has been aggregated and approved by the data controllers.
Physical environments are dedicated computers where usage is controlled, internet access is not possible, and no external devices can be connected. To access the TRE, researchers need to book a timeslot with a research co-ordinator and visit a secure access point at the Royal Infirmary of Edinburgh’s BioQuarter or selected universities across Scotland. Just like digital environments, no data can be taken out of the physical TRE until it is aggregated and approved by the data controller.
As TREs have developed organically over time, other TREs such as the National Records of Scotland TRE and Scotland’s Regional Safe Havens have developed their own processes for ensuring secure data access.
In Scotland, there are four Regional Safe Havens: Trusted Research Environments which each hold data for their respective regions.
TREs provide researchers with a single location to access valuable datasets specifically for their research, with both the data and the tools for analysing it held in the same place. Data can’t be taken out of a TRE. Instead, researchers bring their analysis to the data. Before their results can be taken out of the TRE, they are checked for disclosure risks to make sure they are safe for publication.
This greatly reduces the risk of sensitive data being leaked or misused and ensures that data controllers have more control over how data is handled.
Because TREs are developed with data security as a priority, the public can be confident that the data is held securely. This is particularly important when handling sensitive public sector data, such as health data, which requires complex privacy protections. The more secure the data access process is, the lower the risk of data misuse.
TREs also help make research time-efficient and cost effective. By holding data in one location, TREs reduce the costs and time associated with transferring and storing duplicates of large datasets, leading to more timely results that can be used to inform policy and improve lives.
Because TREs have grown organically over time without a standardised approach, the current systems can be complex and time-consuming for researchers, leading to delays in research.
Part of our work at Research Data Scotland involves creating the Researcher Access Service: a digital platform to improve the end-to-end researcher journey. Our initial work on the Researcher Access Service will improve the upfront information that is available to researchers; work to digitise the application process (including a portal for applicants to track the status of their application throughout); and introduce a risk-based triage approach to information governance, fast-tracking simpler projects that don’t require complex privacy considerations.
By simplifying the process of accessing data for research, we hope to make it quicker for data users to undertake research, leading to more timely conclusions without sacrificing the security of current systems.
Find out more about the work we're doing to improve access to data.