Principle 3: Trust among Data Providers
A federal statistical agency must have the trust of those whose information it obtains.
THE STATISTICAL PROGRAMS of the federal government rely on information supplied by many data providers, including individual members of the public, other agencies of the federal government, and organizations outside the federal government, such as state and local governments, businesses, and other organizations. Some of this information is a by-product of data collections that are required by law or regulation for use in the administration of government tax and transfer programs, such as employers’ wage reports to state employment security agencies or records of payments to program beneficiaries. Much of it is obtained through the voluntary cooperation of respondents in statistical surveys. Even when response is mandatory, as in the case of such essential statistical programs as the population and economic censuses, the willing cooperation of respondents reduces costs and likely promotes accuracy (see National Academies of Sciences, Engineering, and Medicine, 2016; National Research Council, 1995, 2004, 2013b).
A high standard of ethical conduct on the part of a statistical agency is critical for obtaining the cooperation of data providers, whether they are individuals or organizational entities or custodians of administrative records. Thus, trust is engendered when data providers can rely on the word of a statistical agency that the information they are asked to provide is important and legitimate for the government to collect, is being collected in an impartial and competent manner, and will be used only for the purposes that the agency has described.
Data providers must be able to trust the word of a statistical agency that it will scrupulously honor its promises to protect individual responses collected under a pledge of confidentiality. Such protection should preclude that any individually identifiable information collected for statistical purposes is used for any administrative, regulatory, or law enforcement purpose. It should require, moreover, that agencies use state-of-the-art methods to protect—to the extent possible—against reidentification of individual records in statistical data products that are available for public use (see National Academies of Sciences, Engineering, and Medicine, 2017:Ch. 5). Agency and contractor staff and researchers who have been given controlled access to individual records should follow proper procedures to guard against disclosure and suffer penalties if a disclosure occurs.
In today’s world, when intrusions into computer networks are distressingly frequent, protection of confidentiality and respect for privacy further requires the use of state-of-the-art technology to ensure cybersecurity. The Federal Cybersecurity Enhancement Act of 2015 (see Appendix A) requires all agencies to use a system known as EINSTEIN (currently in version E3A) to guard against and detect cybersecurity breaches. The added protection from this advanced technology is a benefit to statistical agencies.30
To engender trust, a statistical agency should also respect the privacy of data providers in other ways and ensure that individuals’ decisions to respond to a survey are made with full information (i.e., are autonomous).31 Such respect requires an agency to minimize the intrusiveness of questions and the time and effort to respond to them to the maximum extent possible that is consistent with the agency’s requirements for information. It also requires that an agency’s data collection staff take care to treat respondents with courtesy and show appreciation for their time (see National Academies of Sciences, Engineering, and Medicine, 2016). Respect further requires that an agency provide sufficient information for the provider to make an informed decision about whether to supply the requested data, including the intended uses of the data being collected, their relevance for important public purposes, and the extent of confidentiality protection that will be provided.
30 However, because the Act allows U.S. Department of Homeland Security staff to monitor traffic conducted over any federal agency network and take follow-up actions as necessary, agencies have modified their confidentiality pledges to inform respondents of screening of records for cybersecurity purposes (see Practice 8).
31 The requirements for informed consent to participate in surveys and other research under the Federal Policy for the Protection of Human Subjects (Common Rule) (https://www.hhs.gov/ohrp/regulations-and-policy/regulations/common-rule/index.html [April 2017]) rest on the concept of autonomy in the “Belmont Report”: “To respect autonomy is to give weight to autonomous persons’ considered opinions and choices” (National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research, 1978:5).
When data are obtained from the administrative records of other federal, state, or local government agencies or other third-party providers, the same principle of trust applies in order to secure the fullest possible cooperation of these providers with a statistical agency’s needs for the records and associated documentation.32 Provider agencies and organizations need to be able to trust that their records are important and legitimate for a statistical agency to obtain, that their own restrictions on data access will be honored, and that the statistical agency will make every effort to minimize the burden for the provider agency of responding to the statistical agency’s requests.
32U.S. Office of Management and Budget (2014a) asserts the legitimacy and benefits of use of administrative data from other federal agencies for statistical agency purposes. It also provides guidance for best practices and procedures to engender mutual respect and trust and facilitate such data sharing.