1 / 13

Data Security, Transfers and Access Sandra Tudor HMRC

Data Security, Transfers and Access Sandra Tudor HMRC. September 2008. Presentation Overview. Data Security in HMRC – 2007 to 2008 Impact on Trade Statistics Data Governance Data Sharing and Data Access The DARTTS project. Data Security – 2007.

anneke
Download Presentation

Data Security, Transfers and Access Sandra Tudor HMRC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Security, Transfers and AccessSandra Tudor HMRC September 2008

  2. Presentation Overview • Data Security in HMRC – 2007 to 2008 • Impact on Trade Statistics • Data Governance • Data Sharing and Data Access • The DARTTS project

  3. Data Security – 2007 • Following an incident in 2007, there was a wide-ranging review of data security in HMRC • This led to • The Lockdown • Clarification of • Guidance • Roles • Responsibilities • Processes • and • Some system improvements

  4. Trade Statistics and data security: Processing • Key features • Secure Mainframe & Unix systems with password access • Trade statistics located on a complete floor • ‘Electronic folder’ for trader specific information • Secure restricted access areas on shared network drives • Restricted discussions with operational colleagues concerning individual data items • Limited access to aggregate data prior to release • Encrypted laptops, with restrictions on movement of laptops & Blackberries

  5. Trade Statistics and data security: Data Access • Existing Trade Statistics checks • Check if the data are in the public domain (or pre-release) • If not usually published • Do we want to release the data? • Do we need/have a legal gateway? Access to Trade Statistics is governed by • EC legislation; • HMRC legislation; • EU Statistical Code of Practice; • UK Code of Practice; • and new UK Statistical legislation passed in 2008

  6. Trade Statistics and data security: Data Transfers New process for ‘bulk data - once agreed we can release the data • Complete a Data Transfer Request • Security classification, transfer method, customer, frequency, etc. • Send to our ‘Data Guardian’ for approval from IT Security Group • Once authorised, send data • We move large volumes of aggregated data each month and needed to speed up the new approval process

  7. Trade Statistics and data security: Data Transfers (2) • We developed a matrix of product type by category • Published/ unpublished • Pre-release • ‘Publishable’ • Trader level or aggregated • Suppressions (disclosure control) applied/ not applied/ not applicable • Security classification • Usually restricted or not classified

  8. Data Security – 2008 • Impacts • Needed additional resource to manage new process steps • Missed some initial delivery deadlines • New system is less flexible and takes longer • ‘Lockdown’ on laptops and removable media is still impacting Benefits • Better management processes and assurance • Reduced number of outputs • Better compliance with the National Statistics Code of Practice

  9. Data Governance • We also • Created a new Data Governance role • Including stronger information and records management • Reviewed password access controls for statistical systems • Reviewed all the regular data outputs with customers • In spite of previous reviews we found some products could be stopped • Introduced a more rigorous RACI analysis • Responsible, Accountable, Consult, Inform

  10. Data Sharing example • The DARTTS project, USA and UK • Data Analysis & Research for Trade Transparency System • Projects set up between US Homeland Security and other countries to fight Trade-Based Money Laundering (TBML) • The software analyses outliers in data using time series, price/weight ratios and asymmetries • Anomalies are investigated first to check for data errors – leading to potential improvements in data quality • Remaining anomalies are investigated as potential fraud – duty fraud or TBML

  11. Data Sharing example, continued • The DARTTS project, USA and UK • Requirement for an anonymised set of trade data on trade between • USA and UK • UK Trade Statisticians facilitated data extraction from administrative data, and provided the algorithm for anonymising the data • We will benefit from the data cleaning aspect • We have delivered the first set of data for the pilot • Revised specification waiting for approval • Initial analyses has already shown some data issues in two chapters • Our analysis suggests these are data errors

  12. Data sharing: benefits • Bilateral matching/asymmetry work with other countries’ statisticians • Allows us to resolve more errors • Data cleansing • Feeding back trader data errors to Customs • Provide input to Fraud analyses and targeting • But need to balance with security requirements • HMRC work on creating a new Data lab • Building on ONS model • Initially for tax statistics • We have prospective GSS demand for trade data

  13. Thank you HM Revenue & Customs sandra.tudor@hmrc.gsi.gov.uk

More Related