Access to sensitive data: satisfying objectives rather than constraints

The argument for access to sensitive unit-level data produced within government is usually framed in terms of risk, and the legal responsibility to maintain confidentiality, even where the government has a duty to provide data. This paper argues that the way the question is framed may be restricting the set of possibilities; and that the correct perspective needs to start from a more abstract plane, focusing on the data owner’s principles and user needs.

Within this principles-based framework, the role of law and risk changes: they become enabling technologies, not setting the objectives but helping to define the solution. For law, this perspective allows for both more flexible solutions within the current legal framework, and a coherent way to assess changes to that framework. Similarly, changing the focus to treat risk as just another aspect of data management rather than some absolute standard gives the data owner the conceptual background within which to place the different ways to achieve an acceptable risk-utility balance. Focusing on the objectives rather than the constraints also encourages the data owner to engage with users and build a case for data access which takes account of the wider needs of society.