The present and future of the Five Safes framework

Main Article Content

Felix Ritchie


The Five Safes has become the default framework for confidential data governance across multiple sectors and countries. Since its inception in 2003, the approach has influenced data management in many ways, particularly in the public sector. As it has become established and widely used, both its advantages and limitations have come to the fore, along with an understanding of modern data management principles.

This paper explores the history, application, strengths and limitations in the Five Safes. It discusses the different variations on the framework over time, as well as recent suggestions for deepening or extending the framework.

Finally we discuss the framework’s relationship to the emerging preference for principles-based regulation and design, showing how there is a concordance between the two which may lead to a new consensus on good data governance design models.

Article Details

How to Cite
Green, Elizabeth, and Felix Ritchie. 2023. “The Present and Future of the Five Safes Framework”. Journal of Privacy and Confidentiality 13 (2).
NAHDAP-ICPSR restricted data workshop
Author Biography

Lizzie, University of the West of England Bristol

Senior Research Fellow


Alves, K., Tava, F., Whittard, D., Green, E., Beata Kreft, M., & Ritchie, F. (2021). Process and economic evaluation of the ODI R&D programme: Final report. London: Open Data Institute

Arbuckle L. and El Emam K. (2020) Building an anonymization pipeline. O’Reilly Publishers

Atkin C., Crosby B., Dunn K., Price G., Marston E., Crawford C., O’Hara M., Morgan C., Levermore M., Gallier S., Modhwadia S., Attwood J., Perks S, Denniston A., Gkoutos G., Dormer R., Rosser A., Ignatowicz A., Fanning H. and Sapey E. (2021) Perceptions of anonymised data use and awareness of the NHS data opt-out amongst patients, carers and healthcare staff. Research Involvement and Engagement v7:40

Bailie J. (2020) Big data, differential privacy and national statistical organisations.Statistical Journal of the IAOS 36(3):1-8. DOI: 10.3233/SJI-200685

Bender S., Blaschke J., Hirsch C. (2022) Data Production in a Digitised Age: The need to establish successful workflows for micro data access. Deutsche Bundesbank, Research Data and Service Centre Technical Report 2022-02.

Bleninger P., Drechsler J., and Ronning G. (2011) Remote data access and the risk of disclosure from linear regression. Statistics and Operational Research Transactions, Special Issue: Privacy in Statistical Databases. 35:7-24

Boniface M., Carmichael L., Hall W., Pickering B., Stalla-Bourdillon S. and Taylor S. (2021) The Social Data Foundation Model: Facilitating Health and Social Care Transformation through Datatrust Services. Mimeo University of Southampton Interdisciplinary Centre for Law, Internet and Culture.

Boniface M., Carmichael L., Hall W., McMahon J., Pickering B., Surridge M., Taylor S., Atmaca U-I., Epiphaniou G., Maple C., Murakonda S., Weller S. (2022) Privacy Risk Assessment Requirements for Safe Collaborative Research. DARE UK Sprint 'PRiAM' v1.1, July.

Brennan P., Fitzpatrick M., LarranagaJ., O'Donnell V., Osman M., Petterson C., Powles J., Twomey C., Wortham R. (2019) Privacy and Responsible Information Sharing for Western Australia. Community Submission to WA consultation on data sharing.

Bujnowska A. (2018) Access to European Microdata for Statistical Purposes.

Corti L., van den Eyden V, Bishop L. and Wollard M. (2020) Managing and Sharing Research Data: A Guide to Good Practice, 2nd edition. Sage.

Coulter A. (2021) atient trust in plans to share primary care data. British Medical Journal v373:1413

Cranswick K., Tumpane S. and Stobert S (2019) Virtual data labs - A more flexible approach to access Statistics Canada microdata. UNECE/Eurostat Work Session on Statistical Data Confidentiality, The Hague, October

Culnane C., Rubinstein B., Watts D. (2020) Not fit for Purpose: A critical analysis of the ‘Five Safes’. Mimeo, University of Melbourne.

Desai T., Ritchie F., and Welpton R. (2016) The Five Safes: designing data access for research. Working papers in Economics no. 1601, University of the West of England, Bristol. January

DPMC (2019) Data Sharing and Release Legislative Reforms Discussion Paper. Commonwealth of Australia, Department of the Prime Minister and Cabinet.

DSS (2016) Data Access Project: Final Report. Australian Government Department of Social Services. June.

El Emam K. and Arbuckle L. (2020) The Five Safes of Risk-Based Anonymization. Privacy Analytics White Paper.

Elliot M., Mackey E. and O'Hara K. (2020) The Anonymisation Decision-Making Framework: European Practitioners’ Guide, 2nd Edition. UK Anonymisation Network.

Eurostat (2016) Self-study material for the users of Eurostat microdata sets

Green E., Ritchie F., Newman J. and Parker T. (2017) "Lessons learned in training 'safe users' of confidential data". UNECE worksession on Statistical Data Confidentiality 2017. Eurostat.

Griffiths K., Blain J., Vajdic C. and Jorm L. (2021) Indigenous and Tribal Peoples Data Governance in Health Research: A Systematic Review. Inernational Journal of Environmental Research and Public Health. v18:10318.

GroosD. and van Veen E. (2020) Anonymised Data and the Rule of Law. European Data Protection Law. v4 pp498-508

Hafner H-P., Lenz R., Ritchie F., and Welpton R. (2015) "Evidence-based, context-sensitive, user-centred, risk-managed SDC planning: designing data access solutions for scientific use", in UNECE/Eurostat Worksession on Statistical Data Confidentiality 2015, Helsinki.

Hafner, H., Lenz, R. & Ritchie F. (2019). User-focused threat identification for anonymised microdata. Statistical Journal of the IAOS, 35(4), 703-713.

Hallinan D., Friedewald M. and McCarthy P. (2012) Citizens' perceptions of data protection and privacy in Europe. Computer Law & Security Review v28:3 pp263-272

HDR (2020) Trusted Research Environments (TRE). UK Health Data Research Alliance Green Paper v1.0 30 April.

ICON (2016) Hellenic Statistical Authority Mission on microdata access: final report. Eurostat

Jenkins S., Harris A., and Lark R. (2017) Maintaining credibility when communicating uncertainty: The role of communication format. In: Gunzelmann G., Howes A., Tenbrink T. and Davelaar E. (eds.) CogSci 2017: Proceedings of the 39th Annual Meeting of the Cognitive Science Society. (pp. pp. 582-587). Cognitive Science Society: London, UK.

Jefferson E., Liley J., Malone M., Reel S., Crespi-Boixader A., Kerasidou X., Tava F., McCarthy A., Preen R., Blanco-Justicia A., Mansouri-Benssassi E., Domingo-Ferrer J., Beggs J., Chuter A., Cole C., Ritchie F., Daly A., Rogers S. and Smith J. (2022) Recommendations for disclosure control of trained Machine Learning (ML) models from Trusted Research Environments (TREs).

Karrar N., Khan S., Manohar S., Quattroni P., Seymour D., Varma S. (2021) Analysis of Data Use Registers published by health data custodians in the UK. medRxiv preprint doi: preprint doi:

Keenan P. (2020) “Dictum meum pactum”: UK regulation: Rules or Principles. Keenan Regulatory Consulting.

Lane J., Bowie C. , Scheuren F., and Mulcahy T. (2009) NORC Data Enclave: Providing Secure Remote Access to Sensitive Microdata. Presentation available at Accessed 20.8.2022

Lane J. (2020) Democratizing our data: a manifesto. MIT Press

Marcotte J., Rush S., and Ogden-Schuette K. (2020) Tiered Access to Research Data for Secondary Analysis. University of Michigan.

McEachern S. (2021) CADRE Five Safes Framework - Conceptualisation and Operationalisation of the Five Safes Framework. Co-ordinated Access for Data, Research and Environments. doi:10.5281/zenodo.5748610

NRC (2014) Proposed Revisions to the Common Rule for the Protection of Human Subjects in the Behavioral and Social Sciences. National Research Council doi:10.17226/18614. ISBN 9780309298063. PMID 25032406.

OECD (2014) OECD Expert Group for International Collaboration on microdata Access: Final report. Organisation for Ecoomic Co-operation and Development.July.

ONS (2011) Secure Data Service Risk Assessment. Mimeo, Office for National Statistics.

ONS (2020) Safe Researcher Training 2017 onwards. Office for National Statistics. Last reviewed June 2020

Oppermann I. (ed.) (2018) Privacy in Data Sharing: a guide for business and government. Australian Computer Society. November.

Oppermann I. (ed) (2019) Privacy-Preserving Data Sharing Frameworks People, Projects, Data and Output. Australian Computer Society.

OSR (2018a) Joining up data for better statistics. Office for Statistics Regulation Systematic Review Programme Report. September

OSR (2018b) Regulatory guidance – Building confidence in the handling and use of data. Office for Statistics Regulation. Updated October.

OSR (2019) Joining up data for better statistics. Office for Statistics Regulation Systematic Review Programme Report. October

Productivity Commission (2017). Data Availability and Use – Inquiry Report. Australian Productivity Commission.

Rahman M., Jirotka M., and Dutton W. (2007) Lost in Reality: The Case for Virtual Safe Settings (2007). Mimeo, University of Oxford.

Raisaro J., Marino F. Troncoso-Pastoriza J., Beau-Lejdstrom R., Bellazzi R., Murphy R., Bernstam E., Wang H., Bucalo M., Chen Y., Gottlieb A., Harmanci A., Kim M., Kim Y., Klann J., Klersy C., Malin B., Mean M., Prasser F., Scudeller L., Torkamani A., Vaucher J., Puppala M., Wong S., Frenkel-Morgenstern M., Xu H., Maiyaki Musa B., Habib A., Cohen T., Wilcox A., Salihu H., Sofia H., Jiang X. and Hubaux J. (2020) Improving Data Quality in Medical Research: A Monitoring Architecture for Clinical and Translational Data Warehouses. Journal of the American Medical Informatics Association v0:0 pp1–6 doi: 10.1093/jamia/ocaa172

Ritchie, F. (2008) Secure access to confidential microdata: four years of the Virtual Microdata Laboratory. Economic Labour Market Review 2, 29–34.

Ritchie F. (2013) "International access to restricted data: A principles-based standards approach". Statistical Journal of the IAOS v29:4 pp289-300. DOI 10.3233/SJI-130780

Ritchie F. (2014) Resistance to change in governments: risk inertia and incentives. UWE Departmetn of Economics working paper no.1412. December

Ritchie F. (2017a) The ‘Five Safes’: a framework for planning, designing and evaluating data access solutions. Data For Policy Conference 2017. September.

Ritchie F. (2017b) Spontaneous recognition: an unnecessary control on data access? ECB Statistical Papers no.24. European Central Bank. August.

Ritchie, F. (2019). Analyzing the disclosure risk of regression coefficients. Transactions on data privacy, 12(2), 145-173

Ritchie F. and Tava F. (2020) Five Safes or One Plus Four Safes? Musing on project purpose. Bristol Centre for Economics and finance blog

Security Brief (2019) IXUP embeds Five Safes framework in platform.

Sikorska J., Bradley S., Hodkiewicz M. and Fraser R. (2020) DRAT: Data risk assessment tool for university–industry collaborations. Data-Centric Engineering v1:17 doi:10.1017/dce.2020.13

Silberman R. (2021) Developing access to confidential data in France: results and new challenges. Journal of Privacy and Confidentiality v11:2

Tam S. (2021) On a disclosure probability statement for the 5 safes framework. Statistical Journal of the IAOS 37 (2021) 693–698 693 DOI 10.3233/SJI-200677

Understanding Patient Data (2018) Public attitudes to patient data use: A summary of existing research. Understanding Patient Data. September

Volkow N. (2019) Harnessing the potentiality of microdata access risk management model. UNECE/Eurostat Work Session on Statistical Data Confidentiality, The Hague, October

Weaver B. and Richardson J. (2021) Reinventing Library Research Support Services at Griffith University. In: Cases on Research Support Services in Academic Libraries. IGI GLobal.

Wellcome Trust (2013) Qualitative Research into Public Attitudes to Personal Data and Linking Personal Data. Wellcome Trust, London. July

Whittard, D., Ritchie, F., Rose, M., & Musker, R. (2022). Measuring the value of data governance in agricultural investments: A case study. Experimental Agriculture, 58, Article e8.

Wiltshire D. (2021) Using Secure Access Data Safely. SSHOC Workshop September.

Wirth F., Meurers T., johns M. and Prasser F. (2021). Privacy‑preserving data sharing infrastructures for medical research: systematization and comparison. BMC Med Inform Decis Mak v21:242

Zheng Y., Pal A., Abuadbba S., Pokhrel S., Nepal S. and Janicke H. (2020) Towards IoT Security Automation and Orchestration. Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)