During the pandemic the UK Data Service has agreed additional application measures with data owners to enable continued research use of SecureLab, whilst mitigating risks from working outside institutional environments.

July 2021

COVID-19 changes to SecureLab access


How is the UK Data Service SecureLab different to the ONS Secure Research Service (SRS)?

The UKDS SecureLab is very similar to the ONS SRS and you will find familiar statistical software, including Stata, SPSS and ArcGIS. You can use Microsoft Office to write papers and design your presentations.

However, there are two important differences:

  1. You log in to SecureLab at your institution, either from your office desktop PC, or from a secure room provided by your institution, depending on the nature of the data. You no longer need to travel to an ONS office to access the data.
  2. You produce all your work within the SecureLab. Because you can log in from your institution whenever you wish to, there is no two-tier system of intermediate and final outputs. Instead, all of your work, from initial data exploration to writing your final paper, is done in your user area on our system. We provide you with project folders that are shared with colleagues approved to work on the same project. When you are ready to publish we check your final outputs before releasing them to you.

We work closely with the ONS to ensure that all economic and social data currently available in the SRS will be available from the UK Data Service.


Is there a charge for using SecureLab?

No. The UK Data Service SecureLab is a critical research service we provide to eligible researchers and is funded by UKRI through the Economic and Social Research Council. We do not currently charge researchers to use the service.


What’s the Secure Access User Agreement?

The Secure Access User Agreement outlines the terms and conditions of use of the service. This Agreement is signed by both you, as the researcher, and a suitable officer at your institution (for example from a contracts office) and must be returned before we can grant access to Secure Lab.

The agreement includes:

  • Liability for the researcher to complete the training.
  • Information security responsibilities (not giving out password, not disclosing or compromising any Personal Information).
  • Penalties and breaches.
  • Output release policy.
  • Acknowledgements and copyright requirements.

The Agreement evidences that you understand the seriousness of the undertaking, and that you and your institution understand the penalties that may be imposed for breaches of security or confidentiality.


Can I or my University amend the User Agreement?

No. Many Universities have agreed to sign the agreement as it stands. We cannot tailor the agreement for each specific University/request. It is an agreement that fulfils the requirements of numerous parties such as the ONS, ESRC and the University of Essex.


What’s included in the SecureLab Safe Researcher training?

The training course includes relevant legal and ethical responsibilities, required security procedures, guidance on Statistical Disclosure Control of outputs, penalties for breaches, as well as practical instruction on how to access and use the system.

Further information can be found on the Apply to access controlled data page.


Using the UK Data Service SecureLab

I click on the SecureLab login page but I don’t get through to the username and password page?

  • Do the UK Data Service have your correct IP address? Usually this error occurs because you are trying to access the service from a computer that our secure server firewall doesn’t recognise.
  • Have you recently changed your computer? Check with your IT support to confirm your computer’s IP address and check that it is a ‘static routable’ IP address (dedicated to your computer and that doesn’t change every time you start the machine).

Please email us with your confirmed IP address and we will update our firewall if necessary.

  • Have you been granted access to SecureLab yet? If you have not yet been issued with your SecureLab credentials, then you won’t be able to access the service. Please wait until you have received your credentials before trying again.

When I click on the SecureLab Desktop icon, the SecureLab window doesn’t launch. Nothing happens?

This could be a software error on your PC.

  • Un-install your Citrix client software and install the latest version (visit the Citrix website to download the latest version of Citrix Workspace)
  • Restart your computer and try again. Your IT support may have to do this for you

The Citrix software is the small software application that you installed on your computer just before we provided you with your username and password.


Can I download data from the UK Data Service SecureLab?

Given the potential sensitivity, confidentiality and disclosiveness of the data, it is not possible for you to download any data from the system but you can view and analyse the data on your local computer via remote access. You may not, however, copy any analytical outputs from your screen, but you can share interim results with registered colleagues within SecureLab. The service carries out Statistical Disclosure Control checks on outputs ready for publication before these can be released and sent to you by email.


How do I link external business data to ONS business data?

The UK Data Service is able to assist researchers wishing to link external business data to ONS business data in SecureLab. See our guide on linking external business data to ONS business data for further information.


What is Statistical Disclosure Control?

Statistical Disclosure Control (SDC) is the process of reviewing your work to ensure that your results (for example descriptive statistics and other analyses), cannot be used to identify an individual respondent.

There are a variety of statistical measures commonly used by researchers that we have to check. The SDC standards we adhere to have been agreed by other European countries and can be found in the document guidelines for the checking of output based on microdata research.

We undertake SDC of all outputs that researchers request from their Member Logon areas. We do the checks manually – this gives us the flexibility to consider each project individually. For this reason, as with our European colleagues, we do not feel that SDC software is appropriate to use for checking outputs created by our members.

We provide SDC training for our members, so you are aware of the SDC rules that we apply.

Along with other members of the Safe Data Access Professionals Working Group, we have produced this Handbook on Statistical Disclosure Control for Outputs (link needed). The Handbook provides practical guidance about how to assess a variety of statistical results for statistical disclosure and ensure that ‘Safe Outputs’ are released from their secure data environments. It can be used by staff responsible for statistical disclosure control checks, as well as users of Safe Settings. The Handbook also provides advice to organisations on setting up and managing the statistical disclosure control process.


How do I apply for an output to be checked?

We have created an SDC folder inside your login project folder. When you have finished your document, save a copy into this folder. You should then complete an Output Release Form available from our get in touch page.


What outputs will be returned to me?

Outputs can only be removed from the Secure Lab environment subject to Statistical Disclosure Control checks by trained staff – once checked and deemed safe, these are emailed to you.

In the UKDS SecureLab, outputs are statistical results that have been written up for publication and/or presentation. You will have selected the results you wish to present to the outside world, from the analysis you have generated inside the Secure Lab, and written up the results. The output should be of a ‘publishable quality’, have a specific purpose/use and be within the scope of your project, as specified on your approved project application form.

Publishable outputs include written documents and presentations. The publishable output types that are permitted for release from SecureLab are:

  • Journal publication/paper
  • Working paper
  • Book chapter/book
  • Commissioned/policy report
  • Report to funder
  • Final report
  • Interim report
  • Conference/seminar presentation
  • Research dissertation/thesis/chapter

Researchers may also request release of their syntax files. These must not include any data or references to the SecureLab server name (details in the SecureLab User Guide).

You must also ensure that your output meets our minimum requirements. These minimum requirements must be met in order that we can make a thorough Statistical Disclosure Check:

  • Information about the data source, sample, methodology must be included.
  • Graphs, figures etc. must be fixed images (e.g. JPEG).
  • Unweighted cell counts must be provided for everything – e.g. graphs, figures, percentages, models results.
  • Tables/figures must be clearly numbered and labelled.
  • Variables must be given meaningful names, not just the labels from the dataset.
  • You must clearly explain what each graph, figure etc. shows.
  • You should not request a data file. We cannot release data or any STATA, SPSS or R files from SecureLab.
  • There should not be any of the following embedded items in the output (use the ‘Inspect Document’ function to check this):
    • Embedded documents
    • Invisible content
    • Hidden text
  • You must include the data citation in the output (this can be found for each dataset on the UK Data Service website and in the ‘Study Information’ files in your project area).

If any of the minimum requirements are not met, or your output is not of ‘publishable quality’ or is out of scope, then your output will not be released. We will have to contact you for further information, thus delaying the release of your output and the outputs of other users.

SecureLab researchers working on the same project can easily share their intermediate findings through shared project folders. However, in some cases, we may release ‘intermediate results’ – see the answer to ‘What if a co-researcher is not eligible to use the Secure Lab?’


Can I discuss outputs with an Accredited Researcher on the same project as me?

You may discuss outputs with an Accredited Researcher on the same project, but this must be done discreetly and privately. It is absolutely forbidden to write anything down from the screen and outputs may only be shared in the project folder in your SecureLab Login area or in the form of ‘final outputs’, following Statistical Disclosure Control and release by a member of the UK Data Service Support team.


What if a co-researcher is not eligible to use the UKDS SecureLab?

Results which have not been checked by UK Data Service staff and returned to you must not be shared or disclosed to anybody else. They should only be accessed by a colleague working on the same project  – see the answer to ‘Can I discuss outputs with an Approved/Accredited Researcher on the same project as me?’

You are not permitted to share any actual results, such as a regression coefficient or a frequency count, with a non-approved researcher (even if you think they are not disclosive).

You may, however, discuss the overall research proposal and the results without disclosing any actual results.

If you wish to show actual results to a colleague who is outside the UK or who is not eligible to use SecureLab, then you may ask us to release intermediate outputs provided that (i) the colleague has registered with the UK Data Service and agreed to its End User Licence and (ii) these outputs are equivalent as possible to ‘finished goods/final outputs’ e.g. a table in a MS Word document that includes sufficient surrounding text to allow us to understand and check the output.


What are the penalties for a breach of the terms of access for data?

A breach in the terms of access may result in:

  • The immediate termination of the licence holder’s access to the data and the termination of the licence – depending upon the seriousness of the breach, the termination of access may be permanent.
  • Sanctions being sought against the licence holder by the data owner.
  • For government data that fall under the Statistics Act 2007, penalties as specified in S39 of the Act – this may include a fine and/or imprisonment.
  • Individual or institutional suspension from all ESRC data services.
  • Individual or institutional sanction from ESRC funding.

Self-reported unintentional breaches will be penalised with discretion. Researchers who take full and prompt action to correct a self-reported and unintentional breach will not normally be penalised but may be asked to repeat training/induction.