1. ONS Approved Researcher accreditation, DAA, DURA and Ts&Cs#

To be active in the UK LLC TRE you must be an Office for National Statistics (ONS) Accredited Researcher, be named on an approved project, be covered by a Data Access Agreement (DAA) between your organisation and the University of Bristol and have accepted the Data User Responsibilities Agreement (DURA) and the data owners’ terms and conditions, both of which are accessible within UK LLC Apply.

2. IT equipment and security#

You must only access the UK LLC TRE from the UK via a secure private or corporate network using organisation owned/approved machines, which are automatically maintained (so that they are fully patched and up to date with relevant virus protection).

Where using a private network, you must make all reasonable efforts to ensure this is maintained and the equipment is secure (strong password) and kept patched and up to date. You must keep your UK LLC TRE access password private and your 2FA secure and you must not share these with anyone else. You must ensure that your display screen is not overlooked by unauthorised persons when accessing the UK LLC TRE and you must lock your computer when you leave it unattended.

3. Screenshots of the TRE#

You must never take any screenshots of data in the UK LLC TRE (e.g. by using a phone or snipping tool), although you can share your screen with other approved researchers on your project. If you wish to share findings with a colleague who is not named on your research project, you must submit each output for statistical disclosure control checks via the official data out process described in rule 4 below.

4. Taking data out of the TRE#

The only way you are permitted to take data out of the UK LLC TRE is via the official data out process detailed in the Moving files in and out guide. Even small outputs, such as a single number that you could easily remember or write down MUST be requested via this process. This ensures that all outputs are documented and that UK LLC is confident that your output is safe, i.e. non-disclosive.

5. Confidentiality of data#

You must maintain the confidentiality of the data you access in the UK LLC TRE. You must not try to identify or contact any LPS participant. If you inadvertently identify an LPS participant you must notify the UK LLC Data Team immediately: support@ukllc.ac.uk.

6. Project scope and permissions#

All your analyses must lie within the approved scope of your project and adhere to the terms and conditions set by data owners. You will not be permitted to file-out outputs that lie outside the scope of your approved project or that have breached data owners’ terms and conditions. You must only use the data accessed through the UK LLC TRE for genuine research for public good and never use the data for profit-making purposes. You should frequently revisit your application form and Ts&Cs in UK LLC Apply to check that you are staying within the scope of your project and adhering to all Ts&Cs. If you have any doubt regarding the scope and permissions of your project, you must contact the UK LLC Applications Team before proceeding further: access@ukllc.ac.uk.

7. Reproducible research#

You must make your project workings (including syntax/scripts, code lists and other relevant documentation) accessible to other researchers. The documentation must be sufficient for future users to understand and replicate your analyses - see the Using Git guide.

8. Audit#

You agree to your ONS Accredited Researcher status and the scope and permissions of your approved project being audited and you must provide full cooperation. All auditors commit to the confidentiality of the project. UK LLC Data Team staff will examine your syntax files and check that the variables you are accessing and including in functions, tabulations and visualisations align with your project documentation. If any potential non-compliances are identified, the Data Team will contact the main applicant on the project for further information and copy in the UK LLC Information Security Team (IST). If any non-compliances are identified, the IST will consider whether an Information Security Case Report should be completed. If required, the IST will escalate non-compliances to the UK Statistics Authority’s Research Accreditation Panel (RAP).

9. Supervisors of students#

If you are a supervisor of a student you must be the main applicant on the project and you must work closely with your student to ensure that they understand how to work appropriately in the UK LLC TRE. You are responsible for your student’s actions. If your student is found to have broken one of UK LLC’s rules, you will be notified by UK LLC. Depending on the seriousness of the rule-breaking, or if it is a repeat occurrence, both your and their access to the UK LLC TRE may be suspended or terminated.

10. Reporting concerns, breaches and other incidents#

You must report to the UK LLC Data Team as soon as possible any concerns, or breach of data or other incident that may have compromised the security of data in the UK LLC TRE: support@ukllc.ac.uk.

Examples include, but are not limited to:

• Concerns you have about the quality of the data or the data not being reasonably de-identified

• The loss or theft of a computer used to access the UK LLC TRE

• Any unauthorised person gaining access to the UK LLC TRE

• Any sharing of login details or devices that permit access to the UK LLC TRE.

You should also notify UK LLC about risks and any weaknesses you identify in UK LLC systems, policies and procedures: support@ukllc.ac.uk.

11. Presenting/publishing your results#

You must only include data in papers/presentations that have been approved through UK LLC’s output review process - see the Moving files in and out guide. You must share all papers and similar outputs with UK LLC for review at least two weeks prior to submission for publication - see the Publishing or presenting your research guide.