Many statistical organisations require researchers using detailed sensitive data to undergo ‘safe researcher’ training. Such training has traditionally reflected the ‘policing’ model of data protection. This mirrors the defensive stance often adopted by data providers, which shifts the responsibility of failure onto the user, and which derives its behavioural assumptions from the neoclassical economic models of crime.
In recent years, there has been recognition that this approach is not well-suited in addressing the two most common risks to confidentiality: mistakes, and avoidance of inconvenient regulation. Moreover, it is hard to exploit the benefits of user engagement under the policing model, which encourages ‘them and us’ thinking. Finally, there is little evidence to suggest that students absorb “do/don’t” messages well.
There is a growing acceptance that a ‘community’ model of data protection brings a range of benefits, and that training is an investment in developing that community. This requires a different approach to training, focusing more on attitudinal shifts and less on right/wrong dichotomies.
This paper summarises recent learning about training users of confidential data: what they can learn, what they don’t learn, and how to extract the full benefit from training for both parties. We also explore how, in the community model, trainers and data owners also need to be trained as well researchers.
The paper focuses on face-to-face training, but also considers lessons for other training environments.
We illustrate with an example of the conceptual design of a new training course being developed for the UK Office for National Statistics.
[1]
Anco Hundepool,et al.
Guidelines for the checking of output based on microdata research
,
2010
.
[2]
H. Tajfel,et al.
An integrative theory of intergroup conflict.
,
1979
.
[3]
E. Deci.
Cognitive Evaluation Theory: Effects of Extrinsic Rewards on Intrinsic Motivation
,
1975
.
[4]
Mark Elliot,et al.
Principles- versus rules-based output statistical disclosure control in remote access environments
,
2015
.
[5]
Tanvi Desai,et al.
Effective Researcher Management
,
2009,
IASSIST.
[6]
Rainer Lenz,et al.
Evidence-based, context-sensitive, user-centred, risk-managed SDC planning: Designing data access solutions for scientific use
,
2015
.
[7]
F. Ritchie,et al.
Addressing the human factor in data access: incentive compatibility, legitimacy and cost-effectiveness in public data resources
,
2014
.
[8]
F. Ritchie.
Can a change in attitudes improve effective access to administrative data for research
,
2016
.
[9]
John C. Turner,et al.
The story of social identity
,
2010
.