How Federal Agencies Protect Confidential Data
J. Neil Russell, Ph.D.
Demetra Collia, M.S., M.H.S.
2003 Traffic Record Forum
U.S. Department of Transportation
Bureau of Transportation Statistics

Outline
• Federal laws for protecting information
• New Federal law: 2002 CIPSEA
• CIPSEA’s effect on Federal agencies
• Procedures for protecting confidential information
• Protecting information prior to release

Federal Laws for Protecting Data
• The Privacy Act of 1974
• The Freedom of Information Act (FOIA)
• Other Federal agency-specific law
  • Focus on BTS’ information protection statute

The Privacy Act of 1974
• 5 U.S.C. 552a
• Information is confidential if:
  • Held by a Federal agency
  • About a living U.S. citizen (or permanent resident)
  • Maintained in a “system of records”, that is, information can be retrieved by a unique identifier, e.g., name or SSN

The Privacy Act of 1974 (continued)
• However, permitted releases of information:
  • As required by the Freedom of Information Act
  • To other Federal agencies
  • Law enforcement agencies
  • Under a court order
  • For Federal debt collection
  • A compelling health or safety reason

The Privacy Act of 1974 (continued)
• Privacy Act does not protect:
  • Non-citizens, non-permanent residents
  • Deceased persons
  • Businesses or other institutions
  • Indirect identifiers: sex, age, race, education, occupation, or city of residence
  • Any other data element that is not a direct personal identifier

The Freedom of Information Act (FOIA)
• 5 U.S.C. 552
• All information obtained by a Federal agency is to be publicly available, except under certain exemptions:
  • #4: proprietary information
  • #6: personal or medical information

Other Federal Agency Laws
• Some Federal agencies have specific laws that require information protection (stronger protection than the Privacy Act):
  • Census Bureau: 13 U.S.C. 9
  • National Center for Education Statistics: 20 U.S.C. 9007
  • National Center for Health Statistics: 42 U.S.C. 242m
  • Bureau of Transportation Statistics (BTS): 49 U.S.C. 111(i)

BTS’ Information Protection Statute
• BTS employees and contractors shall not:
  • make any disclosure which could identify an individual or organization;
  • use the information for a non-statistical purpose;
  • permit unauthorized persons to examine individual reports.
• Prohibitions on data releases:
  • No government agency may require a copy of any individual report;
  • Any copy of a report shall be immune from the legal process (i.e., courts cannot require a copy of any report).

New Legislation: Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA)
• Public Law 107-347, Title V: E-Gov’t Act of 2002
• New law affects all executive branch Federal agencies

CIPSEA Subtitle A, Confidential Information Protection
• An agency may collect information under a pledge of confidentiality for statistical purposes
• This information may not be disclosed in identifiable form for any non-statistical purpose without the informed consent of a respondent
• The information collected is exempt from release under the Freedom of Information Act (FOIA)

CIPSEA Benefits for Federal Agencies
• Most agencies did not have specific laws ensuring confidentiality of information
• Agencies can now protect data when collected for statistical purposes only
• Better protection of confidential data may encourage respondents to participate in data collections
• Agencies can avoid disputes about withholding information under FOIA requests

Defining Information Types Under CIPSEA
• Statistical purposes - using information to describe or make estimates about whole or subgroups of the economy, society, or environment
• Non-statistical purposes - using information for administrative, regulatory, law enforcement, judicial, or other purposes that may affect the rights, privileges, or benefits of a respondent

Statistical Information Collected Under CIPSEA
• When information is collected for a statistical purpose only:
  • Information is categorized as confidential
  • Must protect information; cannot allow direct or indirect identification of data provider
  • Data cannot be shared for non-statistical purposes
  • Information can be shared for statistical purposes by written agreements; data user bound to provide same level of protection as agency gives
  • Class E felony for disclosing confidential information (5 years prison and/or $250,000 fine)

Non-statistical Information Collected Under CIPSEA
• Non-statistical purposes
  • A Federal agency must clearly explain to the data provider, before any information is collected, that it will be used for non-statistical purposes
  • Information is not confidential

Protecting Confidential Data
• If information is collected for a statistical purpose - federal agency must have controls and procedures in place to protect the confidential information
• Agencies must act to protect the information:
  • Agency contractors are subject to CIPSEA
  • Agencies must have internal procedures
  • Must protect information prior to public dissemination

Internal Agency Procedures
• If an agency invokes CIPSEA, this could imply certain procedures for protecting confidential information:
  • Documented set of procedures
  • Training of employees on handling data
  • Non-disclosure affidavit when employee or contractor enters or leaves agency
  • Review aggregated or microdata before public release for disclosures of confidential data
  • Apply certain statistical methods to data to prevent disclosures

Internal Agency Procedures (continued)
• Information security procedures for protecting electronic and hard copy data (work station, server, fax, print, work space)
• Review of contracts, interagency agreements, MOUs, reimbursable agreements for language that directs protection of information
• Review of information collection instruments for “pledge of confidentiality”

Protecting Data Prior to Public Release
• Information collected under CIPSEA for a statistical purpose must be reviewed for potential disclosures prior to public release:
  • Tabular data
  • Microdata
• Statistical disclosure limitation (SDL) methods are used to protect information prior to public release

SDL Methods for Tabular Data
• Aggregation – collapse columns or rows
• Perturbation – add “noise” to tabular data
  • Add random noise to cells in table
  • Round cell values
  • Controlled adjustment – target sensitive cells
  • Markov – unbiased cycle of cell modification
  • Add noise to microdata before creating tables
• Complementary cell suppression
  • Blank out sensitive cells and cells used to recover sensitive cells

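A sketch of complementary cell suppression as listed on the slide above; it is an added example, not part of the original presentation. The threshold of 3, the table values and all function names are constructed for illustration, and row and column totals are assumed to be published. The rectangle heuristic only rules out recovery by simple subtraction; it does not check how tightly the blanked values can still be bounded.

```python
from itertools import product

# Constructed counts (rows: areas, columns: categories); not real data.
TABLE = [[20, 15, 2],
         [30, 25, 12],
         [18, 40, 9]]

def primary_cells(table, threshold=3):
    """Sensitive cells: nonzero counts below the (assumed) threshold."""
    return {(r, c) for r, row in enumerate(table)
            for c, v in enumerate(row) if 0 < v < threshold}

def exposed_lines(table, hidden):
    """Rows/columns with exactly one blank cell: with published totals,
    that cell is recovered by subtraction."""
    rows = [sum((r, c) in hidden for c in range(len(table[0])))
            for r in range(len(table))]
    cols = [sum((r, c) in hidden for r in range(len(table)))
            for c in range(len(table[0]))]
    return sum(n == 1 for n in rows + cols)

def complementary_suppress(table, threshold=3):
    """Blank each sensitive cell plus the other three corners of the
    cheapest rectangle through it, so no line has a lone blank cell."""
    hidden = primary_cells(table, threshold)
    for r, c in sorted(hidden):  # sorted() snapshots the primary cells
        best = None
        for r2, c2 in product(range(len(table)), range(len(table[0]))):
            corners = [(r, c2), (r2, c), (r2, c2)]
            if r2 == r or c2 == c or any(table[i][j] == 0 for i, j in corners):
                continue  # zero cells make weak complements
            # Cells already blanked cost nothing extra to reuse.
            cost = sum(table[i][j] for i, j in corners if (i, j) not in hidden)
            if best is None or cost < best[0]:
                best = (cost, corners)
        if best is None:
            raise ValueError(f"no complement available for cell {(r, c)}")
        hidden.update(best[1])
    return hidden

def publish(table, hidden):
    """Replace every blanked cell with the marker 'D'."""
    return [["D" if (r, c) in hidden else v for c, v in enumerate(row)]
            for r, row in enumerate(table)]
```
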
General Methods for Protecting Microdata
• Delete sensitive variable(s)
• Recode a categorical variable into fewer categories (perhaps using thresholds)
• Recode a continuous variable into categories
• Round continuous variables
• Top and/or bottom code variables
• Suppress small geographic areas

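Three of the microdata methods above (recoding a continuous variable, top-coding, suppressing small geographic areas) applied to a small file, followed by a pre-release check for records that remain identifiable through indirect identifiers. This is an added example, not part of the original presentation; the records, the cut-offs (age 80, income 100,000, fewer than 3 records per area or group) and the function names are constructed assumptions, and the record count per city stands in for the area's population.

```python
from collections import Counter

# Constructed records (age, income, city); not real respondents.
RECORDS = [
    (23, 31000, "Springfield"), (27, 45000, "Springfield"),
    (24, 38000, "Springfield"), (41, 52000, "Springfield"),
    (45, 61000, "Springfield"), (47, 250000, "Springfield"),
    (44, 58000, "Shelbyville"), (48, 47000, "Shelbyville"),
    (42, 39000, "Ogdenville"), (92, 18000, "Springfield"),
]

def age_band(age, width=10, top=80):
    """Recode a continuous age into bands, top-coding the oldest ages."""
    if age >= top:
        return f"{top}+"
    lo = age // width * width
    return f"{lo}-{lo + width - 1}"

def protect(records, income_cap=100_000, min_area=3):
    """Apply recoding, top-coding and small-area suppression per record."""
    area_sizes = Counter(city for _, _, city in records)
    out = []
    for age, income, city in records:
        # Areas with too few records are merged into a single code.
        area = city if area_sizes[city] >= min_area else "OTHER"
        out.append((age_band(age), min(income, income_cap), area))
    return out

def small_groups(rows, k=3):
    """Combinations of (age, area) shared by fewer than k records.
    These are the records a disclosure review still has to deal with."""
    groups = Counter((age, area) for age, _, area in rows)
    return {key: n for key, n in groups.items() if n < k}
```

On the constructed file every raw record is unique on age and city; after protection one group is still flagged, which is the case where further collapsing or suppression is needed before release.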
SDL Methods for Microdata
• Add noise
• Record swapping
• Blank and impute certain variables or records
• Microaggregation
• Multiple imputation/modeling to generate synthetic data

How BTS Protects Information
• BTS has a special law that requires protecting the information it collects (49 U.S.C. 111(i))
• Confidentiality Officer
• Manual on confidentiality procedures
• Disclosure Review Board (DRB)

Questions?
Neil Russell, Confidentiality Officer, Bureau of Transportation Statistics, 202-493-2147, neil.russell@bts.gov
Demetra Collia, Bureau of Transportation Statistics, 202-366-1610, demetra.collia@bts.gov