Why Five ‘Safes’ Aren’t Enough for Inter-Organizational Data Exchanges: Introducing Data Republic’s Seven Governance Controls

The business world can learn a lot from organizations, such as the UK Office for National Statistics (ONS), which have been collecting consumer data for decades.

The ONS uses five data governance controls in its Five Safes framework for managing the risk of sensitive information being disclosed. That’s a big step up from many businesses’ typical approach of using one governance control: locking down only the data itself, rather than considering other variables such as who has access to the data and how it’s being used.

Developed by the ONS in 2003, Five Safes has since been adopted by the Australian Bureau of Statistics, Eurostat, Stats NZ, and several other government organizations across the globe. As such, it became a de facto standard for managing disclosure risk.

However, the world has changed remarkably since 2003. Sharing data with other organizations has become a business imperative for gaining new insights, delivering digital-first experiences and creating new services.

In this new era of data-driven applications, we believe it’s time to rethink this model. So we took the Five Safes standard and raised it to offer companies a framework of seven governance controls to better manage and protect sensitive information in inter-organizational data exchanges.

When Five Safes Aren’t Enough

Five Safes is certainly a strong framework for managing and protecting data inside an organization. In fact, Data Republic adopted it when we first started developing our data-exchange platform, Senate.

Essentially, the framework ensures that every data project has five ‘safes’ and can only go ahead if the following questions are satisfactorily answered:

  • Safe projects: Is this use of the data appropriate?
  • Safe people: Can the users be trusted to use it in an appropriate manner?
  • Safe settings: Does the access facility limit unauthorized use?
  • Safe data: Is there a disclosure risk in the data itself?
  • Safe outputs: Are the statistical results non-disclosive?

However, we found that we needed to add to Five Safes for data sharing between two or more organizations. This is because exchanging data with another organization represents a fundamentally different challenge than sharing data between teams within a business. With the latter, data is protected by the organization’s internal data security and governance measures, whereas a company typically loses visibility and control over its data when exchanging a dataset with another business.

For this reason, we added two more controls to Senate: legal and audit controls.

Clearly, a legally enforceable license is important when organizations exchange data. Every data project on the Senate platform requires a ‘license’ that clearly states what authorized users inside and outside the organization can and cannot do with the data. These licenses, along with Data Republic’s legal framework for data sharing, can also standardize legal protocols and data usage processes.

Another key point of difference is Senate’s ability to audit data projects. This isn’t possible with most data-sharing techniques because the data owner loses visibility of the data as soon as it is exchanged. With Senate, however, audit logs allow an organization to track who accessed the data, when it was used, and how.

Data Republic’s Seven Governance Controls

As a result of these and other changes, Data Republic’s Senate platform now has its own governance framework with seven controls:

  1. Legal: What’s in the data license and how is it legally enforceable?
  2. Data: How is the data itself protected?
  3. People: Who has access to the data and how is that access restricted?
  4. Use: What are the permitted uses for the data?
  5. Security: How is the data’s IT environment secured?
  6. Output: What data output is allowable and what checks are made on the output?
  7. Audit: What details are tracked via audit logs?

Importantly, the controls are embedded in the platform to protect data assets—unlike a typical business scenario (without Senate) where governance relies on people adhering to data policies and processes. With Senate, a business can ensure that all data collaboration with other organizations, including analytics, takes place on the platform. This ensures that controls are applied the right way every time and cannot be bypassed.

Offering Both Data Utility and Security

Senate’s seven controls provide a far more comprehensive framework than relying solely on removing or obfuscating data to protect sensitive information. In addition, the framework allows businesses to make better use of data.

As every data analyst knows, the greater the controls on the data itself, the less useful it becomes. Senate’s seven governance controls work like a series of adjustable levers that allow businesses to better manage disclosure risk while maximizing the utility of data.

To help make setting controls easier for businesses, Senate provides five levels of governance, ranging from Level 1—essentially open data—to Level 5, for highly sensitive data.

A Level 1 Senate project is typically selected for datasets intended to be downloaded and accessed by a broad audience. A research organization might release a subset of its data to the public domain, for example. The only controls used are in the license and the data itself —that is, the data owner is able to track where the data was shared and with whom.

A Level 5 Senate project, however, uses all seven controls. For example, the only way to use the data might be for a specific user from an authorized company to perform analytics in a locked-down Discovery Workspace on the Senate platform, with checks and audit rights on the outputs for compliance.

At the start of each data project, the Senate platform asks the ‘custodian’ (an authorized user from the organization that owns the data) a series of questions to set the governance level and controls, depending on the dataset sensitivity, licensing request and participating organizations.

A Balanced Approach to Inter-Organizational Data Sharing

Senate’s seven governance controls allow businesses to gain new insights from data exchanges, but not at the expense of information security.

We have built on the Five Safes model, adapting it for the context of data exchanges between organizations where there are added risks. The addition of legal and audit controls gives data custodians a more robust framework to identify risks during external data sharing projects and manage them effectively.

Our development of Senate’s governance framework is indicative of the balanced approach to data sharing that we at Data Republic strive for. We believe this approach is crucial for businesses to remain competitive and innovate in the digital economy.

For more details on how Senate works, see our whitepaper.