Effective researcher management

Abstract

National Statistical Institutes [NSIs] are increasingly investigating new ways of providing access to confidential microdata for research purposes. These innovations are being driven by the requirement for NSIs to ensure the best possible return for their investments in data collection coupled with researchers’ increasing demand for highly detailed microdata.
After a long period of decline as NSIs focused on confidentialising data to produce 'scientific use files' for circulation, Research Data Centres [RDCs], which allow researchers largely unrestricted freedom to work on highly detailed microdata within a secure environment, are making a comeback. The reasons for this include (a) the potential for remote access solutions which overcome most of the limitations of physical RDCs, (b) associated new models of working which have caused a revision of the confidentiality/utility tradeoff, and (c) increasing policy demands for analysis, such as local area studies, which can only be met by detailed microdata
These new ways of working which include an increased focus on ‘customer engagement’ and the effective use of resources within the public sector are leading to the realisation that the involvement of the researcher community is a key element of the success of any solution. Most obviously, the emerging field of output-based SDC requires the active engagement of researchers to be properly effective. If researchers are seen as an active part of the security model, as opposed to something for the data to be protected against, then both more efficient and more secure operating models can be devised.
This paper considers how the active engagement of researchers in the management of RDCs, and the design and implementation of data access systems in general can be used to improve data security. It also addresses a number of clichés espoused by both academics and NSIs and argues that, while there is some truth in these, a fair assessment of current risk is often eschewed in favour of simple judgments based on past practice. Finally we note that the quest for security based upon a technological perspective and a fundamentally negative view of human behaviour can lead to exactly the outcomes which RDCs designers are trying to avoid.