Putting data security at the heart of the Online Safety Data Initiative

Categories: Data security


The OSDI is a 15-month project commissioned by the Department of Digital, Culture, Media & Sport (DCMS) to improve the quality and availability of data for the Safety Tech sector, to support the development of technology that identifies and removes harmful and illegal content from the internet. One of our core principles is our commitment to data privacy and security, which is supported through our data security workstream.

The challenge and purpose of our data security workstream

We recognise that when working with sensitive online harms datasets, data security and privacy have to be paramount, to protect data owners, data processors and the public. To ensure data security is a central tenet of anything we develop, we set up a specific workstream to define the standards to which the rest of our project will be held.

Our approach to addressing data security concerns

We’re engaging with a range of experts on data security and privacy across government, the private sector and third sector. We aimed to consider data security holistically and early to build solid foundations and also explore emerging technologies that can enhance privacy.

The data security workstream assessed a range of data security frameworks and principles, privacy enhancing technologies, and legal and data governance considerations, and built some of these into our recommendations.

Reviewing Data Security Frameworks and Principles 

Our initial work has involved reviewing and assessing best practice cybersecurity frameworks that can help provide principles for data security. The National Cyber Security Centre Cyber Assessment Framework provides important principles for managing security risk, protecting against cyber attacks, detecting cyber security events and also minimising the impact of cyber security incidents.

We’ve also analysed the National Institute of Standards and Technology’s Cyber Security Framework. This helps to guide day-to-day data security work with repeatable, consistent, best practice processes.

Zero Trust implementation principles could also be practically applied to any project we develop later in this programme. These are an approach to security focused on ensuring that only people who are authorised to do so get access to network systems. As the specific technical solutions for this initiative get defined, we will refine the specific data security frameworks and principles needed.

Investigating the potential of Privacy Enhancing Technologies 

We’re researching emerging Privacy Enhancing Technologies (PETs). These technologies have exciting potential as they help make it possible to derive insight from data while maximising data security and personal privacy.

PETs are currently being tested in the online harms space, including in academia by the Research Centre on Privacy, Harm Reduction and Adversarial Influence Online [UCL, 2020]. We’ll continue to explore whether we can use these technologies as part of this initiative.

Exploring data governance and legal considerations

To ensure that personal rights and freedoms are protected as safety tech innovators build technology to solve online harms challenges, we’re looking closely at the legal, privacy and ethical factors that will need to govern data access.

It’s also incredibly important to make sure that data processing during this initiative is lawful, fair and transparent. Compliance with legislation on data protection must be integrated into our approach, with the guidance of the Information Commissioner’s Office.

Conclusion and next steps

We started work on data security early to make sure it gets the proper attention it needs from the start and before any technology is built. The next steps are to continue our research and then refine an approach for the rest of the project.
