Eastern England SDE Researcher Model Disclosure Control SOP

This document explains how researchers working in the Eastern England Secure Data Environment (EE‑SDE) should assess and manage the privacy risks associated with machine‑learning (ML) models before they can be exported from the secure environment. Unlike traditional research outputs, ML models can unintentionally reveal sensitive information because they may behave differently for people whose data was used in training. This creates risks such as identifying whether an individual was in the dataset or inferring sensitive attributes about individuals. 

To reduce these risks, the EE‑SDE uses a toolset called SACRO‑ML, which provides two types of checks. SafeModel supports early “ante‑hoc” checks during model development, helping researchers identify risky parameter choices—such as models that overfit or settings that encourage memorisation. It also produces a structured report for reviewers. The Attacks component performs “post‑hoc” tests by simulating privacy attacks to see whether a trained model might leak information in practice. 

Researchers must prepare their models, document their purpose and training approach, and supply required files before requesting model egress. Output checkers then use SACRO‑ML results to make evidence‑based decisions about whether a model can be safely released, whether it needs revision, or whether the risks are too high.