Managing data sharing risks
Sharing data—whether individually, on an ongoing basis, or through open data—introduces risks related to loss of control over access, use, and disclosure. To manage these risks effectively:
- Accept that zero risk is unattainable: The objective is to reduce likelihood and impact to an acceptable level.
- Apply flexible controls: Adjust risk controls based on context, data sensitivity, and intended use.
- Use the Five Safes framework to identify risk controls or safeguards that your agency can implement as part of your data sharing process or data governance initiatives.
The Five Safes framework
The Five Safes framework provides a structured approach for managing risks. Under this framework, risks are managed across five related, but separate 'safety' dimensions: projects, people, settings, data and output.

| Five safes | What it means |
| --- | --- |
| Safe Projects | Data is shared and used for a purpose that delivers a public benefit, and that is legal and ethical |
| Safe People | Data users have the knowledge and skills to use data appropriately and keep the data safe |
| Safe Settings | Data is shared and stored in platforms that prevent or minimise risk of unauthorised use |
| Safe Data | Data is shared and used with appropriate protections applied |
| Safe Outputs | Outputs of data analysis protect privacy and confidentiality |
The framework helps data providers decide whether a requestor can use sensitive data safely and appropriately by:
- reviewing each dimension individually and adjusting risk controls as needed
- ensuring that every data request addresses all dimensions, even if some are not relevant
- assessing that the combined risk controls are appropriate and sufficient to manage the risk.
TIP: Use the Five Safes framework to design or standardise data sharing processes, including designing request and evaluation forms.
Is the use of the data appropriate, lawful and ethical?
Data providers should share data for projects that:
- have clear statistical or research purposes
- are lawful and ethical
- provide a public benefit or are in the public's interest.
Share data if the purpose of the request supports evidence-driven:
- government policy making
- program management
- service planning and delivery.
Can the user be trusted to use the data in an appropriate manner?
Data providers should share data with authorised users who are able to use the data appropriately and keep the data safe.
Common requirements for safe user authorisation include:
- Providing evidence of knowledge, skills or experience in data or statistical analysis.
- Where appropriate, providing a Working with Children Check or National Police Check clearance.
- Signing data privacy and confidentiality undertakings.
- Completing training which explains legal and ethical responsibilities in accessing and using data. This can also include training on the use of data platforms and tools, if sharing is via access to the data provider's environment.
Does the access environment prevent unauthorised use?
The environment—both physical and digital—must have controls in place to minimise the risk of unauthorised access and use of data. The level of protection should align with the level of risk.
Safe settings may include:
- locked rooms requiring personal authentication
- isolated IT environments with restricted external connectivity:
  - where only pre-installed software can be used
  - where access to, and activity within, the secure environment is logged, audited and monitored for unauthorised access
  - where files are produced and saved inside the secure environment.
The NSW Data Analytics Centre's Advance Secure Analytics Lab and Advanced Analytics Service are examples of safe and secure environments to store and access sensitive NSW government data.
Have appropriate protections been applied to the data?
Before sharing, data must be treated to reduce the risk of disclosing sensitive NSW government data.
At a minimum, data providers should:
- check that the data does not contain:
  - information which may identify an individual or community
  - commercially sensitive or confidential information
  - any data that could trigger, create or contribute to a threat, issue, breach or vulnerability
- only include data variables required for the project
- use data treatments such as:
  - de-identifying data
  - anonymising data
  - suppressing data values
  - aggregating data
- remove direct identifiers such as names and addresses
- test data treatments to ensure that disclosure risks are reduced.
The above practices, including data treatments and techniques, can help reduce the risk of disclosure while making sure that data remains useful.
Do the outputs protect privacy and confidentiality?
Outputs are generally considered safe if they report analytical findings and do not reveal or identify people or organisations that provided the data.
Controls to apply include:
- disclosure clauses relating to outputs in data sharing agreements
- applying and testing data treatments such as the cell frequency rule, cell dominance rule, group disclosure rule, or 10 degrees of freedom:
  - The cell frequency rule sets a threshold for the minimum number of individuals in any cell. If a cell fails this rule, action is needed to reduce the likelihood of identifying a data subject to an unlikely level.
  - The cell dominance rule is used to assess whether a table cell may enable re-identification or disclosure.
  - The group disclosure rule means that in all tabular or similar outputs, no cell should contain 90% or more of its column or row total.
  - Degrees of freedom refers to the maximum number of logically independent values, that is, values that have the freedom to vary in a data sample. All modelled output should have at least 10 degrees of freedom.
- a review process before outputs are released to intended users.
This is the final step in the process—ensuring that even if the source data is detailed, only non-disclosive results are published or shared.
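As an added illustration (not part of this guidance page), the Python below applies the Safe Outputs checks described above, and the "test data treatments" step under Safe Data, to a constructed frequency table. The minimum cell count, the (n, k) dominance parameters and the reading of degrees of freedom as observations minus fitted parameters are assumptions; the page itself gives only the 90% group disclosure share and the minimum of 10 degrees of freedom.

```python
# Added example, not from the guidance page. Thresholds marked ASSUMED are
# not stated there; the 90% share and the 10 degrees of freedom are.

def cell_frequency_violations(table, min_count=10):
    """Cell frequency rule: (row, col) of cells with fewer than min_count
    contributors. min_count is ASSUMED. Empty cells hold no one to identify."""
    return [(r, c) for r, row in enumerate(table)
            for c, n in enumerate(row) if 0 < n < min_count]

def group_disclosure_violations(table, share=0.90):
    """Group disclosure rule: cells holding 90% or more of their row or
    column total (threshold from the page)."""
    col_totals = [sum(col) for col in zip(*table)]
    bad = []
    for r, row in enumerate(table):
        row_total = sum(row)
        for c, n in enumerate(row):
            if n and (n >= share * row_total or n >= share * col_totals[c]):
                bad.append((r, c))
    return bad

def cell_dominance(contributions, n=2, k=0.85):
    """(n, k) dominance rule on one magnitude cell: True when the n largest
    contributors supply k or more of the cell total. n and k are ASSUMED."""
    total = sum(contributions)
    top_n = sorted(contributions, reverse=True)[:n]
    return total > 0 and sum(top_n) / total >= k

def model_output_is_safe(n_observations, n_parameters, min_df=10):
    """Residual degrees of freedom (observations minus fitted parameters,
    an ASSUMED reading of the rule) must be at least 10 (threshold from the page)."""
    return n_observations - n_parameters >= min_df

# Constructed sample: rows are age bands, columns are an outcome category.
TABLE = [
    [45, 3, 52],
    [60, 20, 5],
    [2, 0, 98],
]

if __name__ == "__main__":
    print("cell frequency:", cell_frequency_violations(TABLE))      # [(0, 1), (1, 2), (2, 0)]
    print("group disclosure:", group_disclosure_violations(TABLE))  # [(2, 2)]
    print("dominance:", cell_dominance([500, 300, 50, 40, 30]))     # True
    print("10 df:", model_output_is_safe(25, 12))                   # True
```

A cell flagged by any check is a candidate for suppression or aggregation before the output leaves the secure environment.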