Respect for Data Providers and Protection of Their Data
FEDERAL statistical agencies are able to produce useful statistical information because they can collect and acquire data from many providers, including survey respondents, organizations that provide data files, government agencies that provide administrative records, third-party data aggregators, and others. A statistical agency’s ability to fulfill its mission thus depends upon the relationships that the agency is able to build and maintain with data providers. Effective statistical agencies demonstrate respect for their data providers and protect the providers’ data to ensure that agencies can fulfill their missions.
To maintain a relationship of respect and trust with survey participants and other data providers, a statistical agency should respect their privacy, minimize the reporting burden imposed on them, and respect their autonomy when they are asked to participate in a voluntary program to collect data. The statistical agency must also comply with all legal requirements to ensure that the data are used only for statistical purposes. To do this, a statistical agency must communicate its privacy and confidentiality protection procedures and policies,26 as well as the societal benefits from collecting the data.
26 Informational privacy is “an individual’s freedom from excessive intrusion in the quest for information, and an individual’s ability to choose the extent or circumstances under which his or her beliefs, behaviors, opinions, and attitudes will be shared with or withheld from others,” while confidentiality refers broadly to an obligation not to transmit information to an unauthorized party (NRC, 1993b, p. 22).
Respecting Privacy in Surveys
To promote trust and encourage accurate responses from survey respondents, it is important that statistical agencies respect their privacy by reducing, to the extent possible, the intrusiveness of questions they ask and the time and effort required to respond. Agencies must also give respondents adequate information with which to decide if a survey is worthy of response—that is, so respondents can give their informed consent (see below). Thus, when individuals or organizations are asked to participate in a survey, they should be told whether it is mandatory or voluntary, how the data will be used, and what confidentiality protections apply to the data. They should also be informed of the likely duration of a survey response task, whether they will be asked to consult records, and whether the survey involves repeated responses over time (see U.S. Office of Management and Budget, 2016a).
To reduce the burden of replying to surveys (see NASEM, 2016b; NRC, 2013a, Ch. 4), statistical agencies should write clear questions that fit respondents’ common understanding, minimize the intrusiveness of questions, and explain why intrusive-seeming questions serve important purposes. Statistical agencies should also allow alternative modes of response when appropriate (e.g., Internet, smartphone) and use administrative records or other data sources, if sufficiently complete and accurate, to provide some or all of the needed information. In surveys of businesses or other organizations, agencies should seek to obtain information directly from the organization’s records and so minimize the need for duplicate responses to multiple requests.
Protecting and Respecting the Autonomy of Human Research Participants
Collecting data from individuals for research purposes using federal funds falls under a series of regulations, principles, and best practices that the federal government has developed over a period of more than 50 years (see NRC, 2003b, 2014c). The pertinent regulations, which have been adopted by 11 departments and 6 agencies, are known as the “Common Rule” (45 CFR 46). The Common Rule regulations (the most recent revision took effect in January 2019) require that researchers adequately protect the privacy of human participants and maintain the confidentiality of data collected from them, minimize the risks to participants from
the data collection and analysis, select participants equitably with regard to the benefits and risks of the research, and seek the informed consent of individuals to participate (or not) in the research. Under the regulations, most federally funded research involving human participants must be reviewed by an independent institutional review board (IRB) to determine whether the design meets ethical requirements for protection.27
Not all federal statistical agencies’ data collections are subject to IRB review. Nonetheless, agencies should strive to incorporate the spirit of the Common Rule in the design and operation of all activities that involve data collection from individual respondents. Statistical agencies should seek ways to inform potential respondents that will help them decide whether to participate, such as sending respondents an advance letter. Such information should include the planned uses of the data and their benefits to the public.
Even for mandatory data collections, such as the decennial Census of Population and Housing and the quinquennial Economic Census, a statistical agency should respect its respondents by giving them as much information as possible about the reasons for the collection and making it as easy as possible for them to respond (see U.S. Office of Management and Budget, 2016a). The principles and practices of respect apply not only to individuals asked to participate in a survey, but also to representatives of organizations (e.g., businesses, state and local governments) asked to participate in a survey and to custodians of existing data, such as administrative records, who are asked to share their data for statistical purposes.
Respecting the Providers of Administrative and Other Data
Moving to a new paradigm of using multiple data sources for federal statistics, an agency must develop procedures that respect the constraints of data-providing organizations. In working with federal agencies that hold useful administrative records, statistical agencies should plan to cooperate, communicate, and coordinate with them on a continuing basis, as urged in Hendriks (2012). A continuing relationship of mutual respect and trust enables a statistical agency to better understand the strengths and
27 For information about the Common Rule and certification of IRBs by the Office for Human Research Protections in the U.S. Department of Health and Human Services, see http://www.hhs.gov/ohrp [February 2021] and Appendix A.
limitations of a custodial agency’s data. Mutual respect can help identify improvements in the data that are useful to both agencies.
An important consideration in using administrative records is whether informed consent of the individuals or organizations that provided their information to the custodial agency is required. In many cases the statistical use of administrative records may qualify under the “routine use” exception of the Privacy Act to provide evidence for the effective operation of the program. In some instances it may be necessary to obtain new consent of the original data providers.
Protecting the Confidentiality of Data Providers’ Information
When individuals and organizations provide information to statistical agencies, they advance the public good. They must be able to rely on the statistical agency’s promise to protect their information, to use it only for statistical purposes, and to protect it from other uses.
A credible pledge of confidentiality for individual and organizational responses is considered essential to encourage high response rates and accuracy of responses from survey participants.28 Moreover, if individual participants have been assured of confidentiality, disclosure of identifiable information would violate the principle of respect for persons even if the information is not sensitive and would not result in any social, economic, legal, or other harm. For sensitive administrative data obtained from another government agency, there must be a credible pledge of confidentiality in a properly formulated memorandum of understanding or other authorizing document.
The Confidential Information Protection and Statistical Efficiency Act (CIPSEA) was originally enacted in 2002 and recodified as part of the Evidence Act (see Appendix B). This law protects the confidentiality of all federal data collected for statistical purposes under a confidentiality pledge, including but not limited to data collected by statistical agencies.29 CIPSEA thus provides a common basis for the protection
28 See Hillygus et al. (2006) and NRC (1979, 2004a, 2013c).
29 Section 508 of the USA PATRIOT Act of 2001 (P.L. 107-56) amended the National Center for Education Statistics (NCES) Act of 1994 to allow the U.S. attorney general (or an assistant attorney general) to apply to a court to obtain any “reports, records, and information (including individually identifiable information) in the possession” of NCES that are considered relevant to an authorized investigation or prosecution of domestic or international terrorism. Section 508 also removed penalties for NCES employees who furnish individual records under this section. This exclusion for NCES has not been invoked.
of all statistical data across agencies, which enables some data sharing and provides statistical agencies the ability to designate external researchers as their agents so they could access data for statistical purposes. The law contains penalties for employees and agents who knowingly disclose identifiable statistical information (up to 5 years in prison, up to $250,000 in fines, or both).
Both the perception and the reality of agencies’ confidentiality protection may be affected by departmental initiatives to consolidate data processing and storage to bolster computer and network security in the federal government, improve the cost-effectiveness of information technology development and maintenance, and protect against cyberattacks. An effective statistical agency will work with its department on approaches to computer security. As part of their responsibilities to support federal statistical agencies, departments should ensure that statistical agencies are able to control their data and information systems to ensure that the data are only used for statistical purposes and are kept confidential (see Practice 2).
This page intentionally left blank.