You are here

Protecting Data

Three Tier Access Policy

The CDRC provides data with three different levels of access. These correspond to the data levels described in the UK Data Service’s three tier access policy.

  • Open data: data which are freely available to all for any purpose. Open data are accessed through the CDRC service via basic registration and download.
  • Safeguarded data: data to which access is restricted due to license conditions, but where data are not considered ‘personally-identifiable’ or otherwise sensitive. Access is available via a remote service with registration and project approval requirements.
  • Controlled data: data which need to be held under the most secure conditions with stringent access restrictions. Access is available via secure services at CDRC sites, with registration and project approval requirements.

Licence Agreements

The Centre obtains data from our partners under licence agreement. These licences stipulate whether the data can be made available via the Open, Safeguarded or Secure services. It also sets out the conditions of use, for example it may limit the use to research for academic purposes only or look to accommodate the commercial interests of the data provider.

Safe Environments

The Centre has a safe and secure data infrastructure that maintains the integrity of data for owners and users.


The CDRC has an expert team of Data Scientists with expertise in data management, handling, licensing and security.

Trusted Researchers

Our researchers come from universities across the UK and are at the forefront of their field of study. Whilst the CDRC Open service is available to all, those wishing to use the Safeguarded and Secure services must be registered users and have completed our Safer Research Training.

Governance (Safeguarded and Secure)

In addition to researcher registration and training, each proposed project undergoes an individual approval process. The CDRC Research Approvals Group (RAG) is responsible for reviewing and approving each project. The RAG is drawn from the UK social science academic community and are representative of the data providers in question.

Safe Results (Secure)

Additional procedures are in place to monitor those using controlled data from the Secure service. A number of checks are carried out during the course of a project to ensure that the data are being used both responsibly and for the purpose for which they were approved. Centre staff check that results are relevant to the researchers approved research project and do not contain any information that would allow any person, household, business or other sensitive entity to be identified. Full information on the procedures in place to protect data can be found in the user guide.

Data Privacy Impact Assessment

Our Principal Investigator for the UCL/Liverpool/Oxford part of CDRC has carried out a Data Privacy Impact Assessment (DPIA) which has been checked by the UCL Data Protection department. You can download the latest version of the CDRC DPIA relating to the data which is held across the three universities.

The Information Commissioners Officer (ICO) provides guidelines for best practice for data sharing in their Data Sharing Code of Practice.