Statistical Standards Program
Table of Contents
1. Development of Concepts and Methods
2. Planning and Design of Surveys
3. Collection of Data
4. Processing and Editing of Data
4-1 Data Editing and Imputation of Item Nonresponse
4-2 Maintaining Confidentiality
4-3 Evaluation of Surveys
4-4 Nonresponse Bias Analysis
5. Analysis of Data / Production of Estimates or Projections
6. Establishment of Review Procedures
7. Dissemination of Data
For help viewing PDF files, please click here
|PROCESSING AND EDITING OF DATA|
SUBJECT: MAINTAINING CONFIDENTIALITY
NCES STANDARD: 4-2
PURPOSE: To protect the confidentiality of NCES data that contain information about individuals (individually identifiable information). For this reason, staff must be cognizant of the requirements of the law and must monitor the confidentiality of individually identifiable information in their daily activities and in the release of information to the public.
KEY TERMS: coarsening, confidentiality, confidentiality edits, Data Analysis System (DAS), data swapping, edits, disclosure risk analysis, individually identifiable data, perturbation techniques, public-use data file, public-use edits, restricted-use data file, stage of data collection, and statistical disclosure techniques.
LEGAL REQUIREMENTS: Five laws cover protection of the confidentiality of individually identifiable information collected by NCES - the Privacy Act of 1974, as amended, the E-Government Act of 2002, the Education Sciences Reform Act of 2002, and the US Patriot Act of 2001.
Privacy Act of 1974, as amended - "The purpose of this Act is to provide certain safeguards for an individual against invasion of personal privacy by requiring Federal agencies to collect, maintain, use or disseminate any record of identifiable personal information in a manner that assures that such action is for necessary and lawful purpose, that the information is current and accurate for its intended use, and that adequate safeguards are provided to prevent misuse of such information." A willful disclosure of individually identifiable data is a misdemeanor, subject to a fine up to $5,000.
E-Government Act of 2002, Title V, Subtitle A, Confidential Information Protection (CIP 2002) - "Under this law, all individually identifiable information supplied by individuals or institutions to a federal agency for statistical purposes under the pledge of confidentiality must be kept confidential and may only be used for statistical purposes. Any willful disclosure of such information for nonstatistical purposes, without the informed consent of the respondent, is a class E felony.
Education Sciences Reform Act of 2002 (ESRA 2002) - Under this law all individually identifiable information about students, their families, and their schools shall remain confidential. To this end, this law requires that no person may:
Further, individually identifiable information is immune from legal process, and shall not, without the consent of the individual concerned, be admitted as evidence or used for any purpose in any action, suit, or other judicial or administrative proceeding, except in the case of terrorism. Employees, including temporary employees, or other persons who have sworn to observe the limitations imposed by this law, who knowingly publish or communicate any individually identifiable information will be subject to fines of up to $250,000, or up to 5 years in prison, or both (Class E felony).
US Patriot Act of 2001 - This law permits the Attorney General to petition a court of competent jurisdiction for an ex parte order requiring the Secretary of the Department of Education to provide data relevant to an authorized investigation or prosecution of an offense concerning national or international terrorism. The law states that any data obtained by the Attorney General for these purposes " may be used consistent with such guidelines as the Attorney General, after consultation with the Secretary, shall issue to protect confidentiality." This law was incorporated into ESRA 2002.
Federal Statistical Confidentiality Order of 1997 - This OMB Order provides a consistent government policy for " protecting the privacy and confidentiality interests of persons who provide information for Federal statistical programs " The Order defines relevant terms and provides guidance on the content of confidentiality pledges that Federal statistical programs should use under different conditions. The Order provides language for confidentiality pledges under two conditions-first, when the data may only be used for statistical purposes; second, when the data are collected exclusively for statistical purposes, but the agency is compelled by law to disclose the data. Since the US Patriot Act of 2001 includes a legal requirement that compels NCES to share the data under the conditions specified in the law (see above); the second condition applies to NCES. In this case, the Order instructs the agency to " at the time of collection, inform the respondents from whom the information is collected that such information may be used only for statistical purposes and may not be disclosed, or used, in identifiable form for any other purpose, unless otherwise compelled by law."
The confidentiality protection required in a DAS is a function of the type of estimate(s) to be produced. For example, a DAS that produces cell counts may require the use of more extensive confidentiality edits.
If a public-use file is released or planned for a data file, any DAS created for that data file must be based on public-use data that have undergone perturbation disclosure limitation techniques as part of confidentiality edits.
Methods for Protecting Individually Identifiable Data
All public-use files (i.e., the edited restricted-use files) that contain any potentially individually identifiable information must undergo a disclosure risk analysis in preparation for release to the public. The steps are as follows:
STANDARD 4-2-9: Inasmuch as confidentiality edits are intended to protect individually identifiable data, files that incorporate the results of the DRB approved confidentiality edit plan may be used to produce tables without confidentiality concerns over minimum cell sizes. When this is done:
EXAMPLE: A principal salary table by race and years of experience may only have 2 Asian respondents with more than 20 years of experience. To implement this standard, one possibility would be to either combine the Asian category with another race group or combine the 20+ years of experience category with the next lower experience category. This process would continue until all cells have either at least 3 unweighted cases or no unweighted cases.
Under law, public use data collected and distributed by the National Center for Education Statistics (NCES) may be used only for statistical purposes.
Any effort to determine the identity of any reported case by public-use data users is prohibited by law. Violations are subject to Class E felony charges of a fine up to $250,000 and/or a prison term up to 5 years.
NCES does all it can to assure that the identity of data subjects cannot be disclosed. All direct identifiers, as well as any characteristics that might lead to identification, are omitted or modified in the dataset to protect the true characteristics of individuals. Any intentional identification or disclosure of a person violates the assurances of confidentiality given to the providers of the information. Therefore, users shall:
Restricted-Use Data Procedures Manual. 2000. U.S. Department of Education, Office of Educational Research and Improvement, National Center for Education Statistics. Washington DC: U.S. Government Printing Office.