NCES Data Confidentiality and Data Licensing Program

1
NCES Data Confidentiality and Data Licensing
Program

• Marilyn Seastrom
• July, 2013
• Washington, DC

2
What Are NCES Responsibilities Under Law?

• PART CNATIONAL CENTER FOR EDUCATION STATISTICS
• SECTION. 153. DUTIES
• (a) GENERAL DUTIES.The Statistics Center shall
  collect, report, analyze, and disseminate
  statistical data related to education in the
  United States and in other nations

2
3
What Are NCES Responsibilities Under Law?

• SECTION 154. PERFORMANCE OF DUTIES.
• 2) SOURCE OF INFORMATION.The Statistics
  Commissioner may, as appropriate, use information
  collected
• . . . .
• (B) by other offices within the Institute and by
  other Federal departments, agencies, and
  instrumentalities.

3
4
What Are NCES Responsibilities Under Law?

• SECTION 156. DISSEMINATION
• The Statistics Center may furnish transcripts or
  copies of tables and other statistical records
  and make special statistical compilations and
  surveys for State and local officials, public and
  private organizations, and individuals.

4
5
What Are NCES Authorities Under Law?

• The Commissioner may utilize temporary staff,
  including employees of Federal, State, or local
  agencies and employees of private organizations
  to assist the Center in performing the Centers
  responsibilities, but only if such temporary
  staff are sworn to observe the IES
  confidentiality law.

5
6
What Confidentiality Laws Apply?

• Education Sciences Reform Act of 2002 (ESRA 2002)
  
• Privacy Act of 1974, as amended
• Family Educational Rights and Privacy Act of 1974
• US Patriot Act of 2001
• NCES is also covered under the E-Government Act
  of 2002, Title V, Subtitle A, Confidential
  Information Protection (CIP 2002)

6
7
IES Confidentiality Law

• Education Sciences Reform Act of 2002 (ESRA)
  All individually identifiable information
  about students, their families, and their schools
  shall remain confidential. The law requires that
  no person may
• Use any individually identifiable information
  collected under an ERSA nondisclosure pledge for
  any nonstatistical purpose, except in the case of
  terrorism

7
8
IES Confidentiality Law

• Make any publication whereby the data for a
  particular person can be identified 
• Permit anyone other than the individuals
  authorized by the Director to examine the
  individual reports.
• Individually identifiable information is immune
  from legal process, and shall not, without the
  consent of the individual concerned, be admitted
  as evidence or used for any purpose in any
  action, suit, or other judicial or administrative
  proceeding, except in the case of terrorism.

8
9
IES Confidentiality Law

• Employees, including temporary employees, or
  other persons who have sworn to observe the
  limitations imposed by this law, who knowingly
  publish or communicate any individually
  identifiable information will be subject to fines
  of up to 250,000, or up to 5 years in prison, or
  both (Class E felony).

9
10
How Does IES Release Data?

• Released data are designated either
  restricted-use or public-use.
• Restricted-use data have all direct identifiers
  removed and either include confidentiality edits
  performed (data perturbation) or are subject to
  cell size restrictions in data releases.

10
11
How Does IES Release Data?

• Released data are designated either
  restricted-use or public-use.
• Public-use sample survey data start from the
  approved restricted-use data and are subject to
  disclosure limitation analysis resulting in
  further perturbations, coarsening, and item
  suppression

11
12
How Does IES Release Data?

• Released data are designated either
  restricted-use or public-use.
• Public-use administrative data start from the
  restricted-use data and are subject to disclosure
  limitation analysis resulting in cell
  suppressions, reporting some aggregate point
  estimates as ranges, and/or rounding

12
13
History of Data Licensing System

• External users are loaned restricted use data
  through a license between IES, the user, and the
  users institution or organization.
• 1989 Initiated talks with OMB to start a trial
  data licensing system Developed protocol and
  legal documents
• 1991 First license issued
• 2000 502 restricted-use licenses
• 2007 Implemented electronic application system
• 2013 900 restricted-use licenses

13
14
What Does a Data License Involve?

• IES loans restricted-use data only to qualified
  organizations in the United States. This
  restriction is because the underlying laws are US
  laws.
• Individual researchers must apply through an
  organization (e.g., a university, a research
  institution, or company).

14
15
What Does a Data License Involve?

• Complete an on-line application
• Submit signed license document
• Primary Researcher
• Senior Official at Institution
• Submit signed and notarized affidavits of
  nondisclosure for all proposed data users
• Submit a signed security plan
• System Security Officer

15
16
What Does a Data License Involve?

• Maintain a data license file and ensure that all
  authorized users follow the agreed upon terms
• Participate in unannounced security inspections
  to ensure compliance
• Adhere to established publication rules to
  protect confidential data
• Submit all release materials to IES Data Security
  Office for disclosure review

16
17
What Does a Data License Involve?

• Notify IES immediately if the researcher receives
  any legal, investigatory, or other demand for
  disclosure of subject data.
• Use the on-line license system to notify IES of
  any modifications in project operations or
  security procedures, including any departures or
  additions to the project staff. The PPO may also
  submit a request for more data.

17
18
What Does a Data License Involve?

• Using the electronic license system to close the
  License when the research that is the subject of
  the agreement has been completed or the license
  terminates, whichever occurs first.
• The restricted-use data and all other
  individually identifiable information (e.g., the
  one backup copy, working notes) shall be
  destroyed under IES supervision or by approved
  IES procedures.

18
19
What Does a Data License Involve?

• The researcher must
• read the Restricted-Use Data Procedures Manual,
• provide a justification for the need for the
  restricted use data,
• submit the required documents,
• agree to keep the data safe from unauthorized
  disclosures at all times, and
• agree to participate fully in unannounced,
  unscheduled inspections by IES Data Security
  Officials to ensure compliance with the terms of
  the license and the security procedures and plan.

19
20
License Lessons Learned

• Maintain complete and detailed records of all
  license transactions.
• Complete annual online training.
• Value of Security inspections.
• Use security inspections to correct minor
  violations.
• Need for regular contact with licensees.
• Use e-mail and automated features of electronic
  license system to send annual reminders for
  personnel and security updates.
• Automate license closeout reminders

20
21
NCES Contact Information

• NCES website http//nces.ed.gov/
• NCES Restricted Use License Program
  http//nces.ed.gov/statprog/instruct.asp
• NCES newsflash sign up at http//ies.ed.gov/newsf
  lash/
• Marilyn Seastrom
• Marilyn.Seastrom_at_ed.gov
• (202) 502-7303
• Thank you

22
NCES Confidentiality Laws
6
23
NCES Employees

• NCES staff take an oath of office.
• They are informed about the requirements of the
  confidentiality law.
• They work in a guarded facility with controlled
  access.
• They must monitor the confidentiality of
  individually identifiable information in their
  daily activities and in the release of
  information to the public.

11
24
Confidential Information

• The term individually or personally
  identifiable information means any record,
  response form, completed survey, or aggregation
  from which information about particular
  individuals or schools may be revealed. Included
  are
• Direct identifiers (e.g., name, SSN, biometric
  records, or video image) and
• Indirect identifiers (e.g., date and place of
  birth, mothers maiden name, gender, age,
  race/ethnicity, a specific geographical location,
  or other descriptors which in combination are
  linkable to a specific individual).

1
25
CIPSEA Use of Agents

• Federal statistical agencies may designate agents
  by contract or special agreement to perform
  exclusively statistical activities subject to
  CIPSEA limitations.
• The agency shall ensure that all agents comply
  with the agencys confidentiality procedures.

13
26
Confidentiality Edits for Sample Survey Data

• Use a confidentiality edit to protect data in
  reporting
• Match a sample of records with those from another
  geographic region on a set of key attributes,
• Swap all the attributes on the matched records.
• Use these protected files for tabulations.

16
27
Disclosure Limitation Techniques

• Recode variables that have extreme cases (e.g.
  salaries)
• To avoid attribute disclosure that could lead to
  an identity disclosure
• Review data against potential external sources of
  data that are available for matching
• To avoid identity disclosure

19
28
Cell Size Restrictions for Confidential Sample
Survey Data

• If there are no confidentiality edits and fewer
  than three cases (i.e., 1 or 2)
• Collapse cells--Combine the sensitive cell with
  a related category for a larger cell size until
  there are no remaining sensitive cells.

17
29
Cell Size Restrictions for Administrative Data
with PII

• Use reporting rules specified with the restricted
  use data file
• Cell suppression and reporting ranges
• Rounding

17
30
Safeguards and Data Access

• Disclosure Review Boardtechnical staff who clear
  anonymized files for release as public-use file
  and who approve data perturbations for restricted
  use files.
• Data Analysis Systemtabulations are provided
  online using either restricted- or public-use
  data.
• Restricted-Use Data Licensing SystemNCES data
  security staff and contractor security
  investigators issue licenses and conduct
  inspections.

20
31
CIPSEA Annual Reporting Requirements

• List individual surveys collected under a CIPSEA
  confidentiality pledge
• List individual surveys collected under another
  arrangement, including promises made for data
  protection, if any
• Report on agency data protection procedures
• Report on the number of existing agents
• Contractors
• Licensees

14
32
NCES Confidentiality Laws

• The Privacy Act of 1974to provide certain
  safeguards for an individual against invasion of
  personal privacy
• Violation is a misdemeanor and is subject to a
  fine up to 5,000.

2
33
NCES Confidentiality Laws

• The Family Educational Rights and Privacy Act (20
  U.S.C. 1232g 34 CFR Part 99) protects the
  privacy of student education records.
• FERPA applies to student record data in all
  schools that receive funds under an applicable
  program of the U.S. Department of Education.
• FERPA allows schools to disclose those records to
  specified officials for audit or evaluation
  purposes.
• FERPA applies to administrative record data that
  NCES obtains from the school or institution
  without the explicit written consent of the
  parent or student.

4
34
CIPSEA

• Confidential Information Protection and
  Statistical Efficiency Act of 2002 (CIPSEA) (44
  USC 3501)
• Protects information supplied by individuals or
  organizations information under a pledge of
  confidentiality for statistical purposes from
  disclosure in identifiable form and from
  nonstatistical uses
• ViolationClass E Felony with a fine up to
  250,000, or up to five years imprisonment, or
  both.

12
35
Types of Disclosures

• Three types of disclosure
• Identity disclosure--third party can identify a
  subject from released data
• Attribute disclosure--confidential information
  about a subject is revealed and can be attributed
  to the subject
• Inferential disclosure--information can be
  inferred with high confidence from statistical
  properties of released data
• Statistical agencies are concerned with identity
  and attribute disclosure.

14