Many terms are used to discuss privacy
and confidentiality. This page provides a general overview of some commonly used
terms. These definitions are intended to improve your understanding, but the
Committee notes that the concepts do not have universally agreed-upon
definitions.
Administrative Purposes
"One purpose of data
collection concerns a course of action that affects a particular person or
business. The purpose can be regulatory, administrative, legislative, or
judicial. We refer to these purposes generically as administrative."
Report of the Committee on National Statistics' Panel on Confidentiality and
Data Access, Duncan et al., 1993. Private Lives and Public
Policies, Washington, DC: National Academy Press, p. 24. Also see nonstatistical purposes.
Attribute disclosure - See disclosure.
Confidentiality
Confidentiality is a broad concept that may be
defined differently depending on the context. The Committee has chosen to
include more than one definition to assist users in understanding this concept.
"[Confidential should mean that dissemination] of data in a manner
that would allow public identification of the respondent or would in any way be
harmful to him is prohibited and that the data are immune from legal process. .
. . Unlike privacy, however, which is an individual right, confidentiality is
not restricted to data on individuals and is often extended to data on
organizations." Report of the Committee on National Statistics' Panel on
Confidentiality and Data Access, Duncan et al., 1993. Private Lives and Public Policies, Washington, DC: National Academy Press, p. 23.
"Confidentiality pertains to the treatment of information that an individual
has disclosed in a relationship of trust and with the expectation that it will
not be divulged to others in ways that are inconsistent with the understanding
of the original disclosure without permission." IRB Guidebook, Part
III.D, Department of Health and Human Services, Office for Human Research
Protections.
Data Protection
"Data protection refers to the set of
privacy-motivated policies and procedures that ensure minimal intrusion by data
collection and maintenance of data confidentiality." Report of the Committee
on National Statistics' Panel on Confidentiality and Data Access, Duncan et al.,
1993. Private Lives and Public Policies, Washington, DC: National Academy Press, p. 23.
Data Stewardship
Data stewardship is an “(o)rganizational commitment to ensure that
identifiable information is collected, maintained, used, and disseminated in a
way that respects privacy, ensures confidentiality and security, reduces
reporting burden, and promotes access to statistical data for public policy."
U.S. Bureau of the Census.
Disclosure
"Disclosure relates to inappropriate attribution of
information to a data subject, whether an individual or organization.
Disclosure occurs when a data subject is identified from a released file
(identity disclosure), sensitive information about a data subject is
revealed through the released file (attribute disclosure), or the
released data make it possible to determine the value of some characteristic of
an individual more accurately than otherwise would have been possible
(inferential disclosure)." Report of the Committee on National
Statistics' Panel on Confidentiality and Data Access, Duncan et al., 1993.
Private Lives and Public Policies, Washington, DC: National Academy Press, p.
23.
Disclosure Limitation Techniques - See statistical disclosure
limitation techniques.
Disclosure Review Boards (DRB)
"Some agencies have established special panels called
Disclosure Review Boards to review data releases before they are made public.
These boards review microdata files and tables to determine if releasing the
information to the public would conflict with the agency’s confidentiality
policies. Over time, these boards develop substantial expertise and experience
concerning their agency’s practices and confidentiality issues regarding public
releases of data. Other agencies which receive requests for microdata files on
a less frequent basis may use ad hoc panels comprised of existing agency staff
or staff from other agencies to assess the confidentiality risk of the data."
Federal Committee on Statistical Methodology's Confidentiality and Data Access
Committee brochure - Confidentiality and Data Access Issues Among Federal Agencies, November 2001, p.
8.
Identity disclosure - See disclosure.
Identifiable Form or Identifiability
"The term 'identifiable form' means any representation of
information that permits the identity of the respondent to whom the information
applies to be reasonably inferred by either direct or indirect means." Confidential Information Protection and Statistical Efficiency Act of 2002, Section
502(4). To better understand what variables and types of data might make
individual respondents identifiable in a microdata file, see the Committee on
Data Access and Confidentiality’s paper “Identifiability in Microdata Files.”
Inferential disclosure - See disclosure.
Informed Consent
"...[I]nformed consent refers to a person's agreement to allow personal data
to be provided for research and statistical purposes. Agreement is based on full
exposure of the facts the person needs to make the decision intelligently,
including any risks involved and alternatives to providing the data. . . .
Informed consent describes a condition appropriate only when data providers have
a clear choice. They must not be, nor perceive themselves to be, subject to
penalties for failure to provide the data sought." Report of the Committee on
National Statistics' Panel on Confidentiality and Data Access, Duncan et al.,
1993. Private Lives and Public Policies, Washington, DC: National Academy Press, p. 23. Also, see
notification.
For details on informed consent for Federally supported or regulated
research, the Committee recommends The Common Rule - Protection of Human Subjects.
Institutional Review Board (IRB)
"The IRB is an administrative body established to protect the
rights and welfare of human research subjects recruited to participate in
research activities conducted under the auspices of the institution with which
it is affiliated. The IRB has the authority to approve, require modifications
in, or disapprove all research activities that fall within its jurisdiction as
specified by both the federal regulations and local institutional policy."
The possibility that research may invade the privacy of individuals or result in
a breach of confidentiality is considered by an IRB when considering whether to
approve research activities. IRB Guidebook, Part
I.A, Department of Health and Human Services, Office for Human Research
Protections.
Nonstatistical Purposes
"The term ‘‘nonstatistical purpose’’— (A) means the use of data in
identifiable form for any purpose that is not a statistical purpose, including
any administrative, regulatory, law enforcement, adjudicatory, or other purpose
that affects the rights, privileges, or benefits of a particular identifiable
respondent; . . . " Confidential Information Protection and Statistical Efficiency Act of 2002, Section 502(5). Also see administrative
purposes.
Notification
"Notification . . . involves a condition of data provision under
full exposure of pertinent facts. Unlike with informed consent, however, the
elements of choice and agreement are absent. Notification is the more
appropriate concept when data provision for stated purposes is mandatory, as it
is in the decennial census of population." Report of the Committee on National
Statistics' Panel on Confidentiality and Data Access, Duncan et al., 1993.
Private Lives and Public Policies, Washington, DC: National Academy Press,
p. 23. Also, see informed
consent.
Privacy
Privacy is a
broad concept that may be defined differently depending on the context. The
Committee has chosen to include more than one definition to assist users in
understanding this concept.
"Informational privacy encompasses an individual's freedom from
excessive intrusion in the quest for information and an individual's ability to
choose the extent and circumstances under which his or her beliefs, behaviors,
opinions, and attitudes will be shared with or withheld from others." Report of
the Committee on National Statistics' Panel on Confidentiality and Data Access,
Duncan et al., 1993. Private Lives and Public Policies, Washington, DC: National Academy Press, p. 22.
"Privacy can be defined in terms of having control over the
extent, timing, and circumstances of sharing oneself (physically, behaviorally,
or intellectually) with others." IRB Guidebook, Part
III.D, Department of Health and Human Services, Office for Human Research
Protections.
Restricted Data and Restricted Access
"The confidentiality of individual information can be protected
by restricting the amount of information in released tables and microdata files
(restricted data) or by
imposing conditions on access to the data products (restricted access), or by some combination of
these." Federal Committee on Statistical Methodology. (May 1994). Report on Statistical Disclosure Limitation Methodology, Statistical Policy
Working Paper 22, Washington, DC: Office of Management and Budget, Office of
Information and Regulatory Affairs, Statistical Policy Office, p. 3.
Restricted Data
Organizations may use statistical
methods to limit disclosure. These "restricted data procedures" are used to
create products (e.g., tables and microdata) that may be released without
restrictions on their use. To enable approved, qualified users to access more
detailed data, an organization may use administrative "restricted access" procedures that protect the
confidentiality of the data.
Restricted Access
For many legitimate research analyses, restricted data products are not adequate and often
severely limit the amount of detail that is available. To enable approved,
qualified users to access the more detailed data, statistical organizations use
administrative procedures that protect the confidentiality of the data. In
"restricted access," conditions are imposed on who may access the data, for what
purpose, at what location, which variables may be accessed, etc.
Statistical Purpose/Statistical Activities
"The term 'statistical purpose' — (A) means the description,
estimation, or analysis of the characteristics of groups, without identifying
the individuals or organizations that comprise such groups; and (B) includes the
development, implementation, or maintenance of methods, technical or
administrative procedures, or information resources that support the purposes
described in subparagraph (A)." Confidential Information Protection
and Statistical Efficiency Act of 2002, Section 502(9).
"The term 'statistical activities'— (A) means the collection,
compilation, processing, or analysis of data for the purpose of describing or
making estimates concerning the whole, or relevant groups or components within,
the economy, society, or the natural environment; and (B) includes the
development of methods or resources that support those activities, such as
measurement methods, models, statistical classifications, or sampling frames."
Confidential Information Protection and Statistical Efficiency Act of 2002, Section 502(7).
Statistical Disclosure Limitation Techniques
Before releasing statistical data or microdata files, organizations may be
required by law, policy, and ethics to protect the confidentiality of
information collected from persons, businesses, or other units. These
organizations use a variety of statistical methods to protect their data and to
ensure that the risk of disclosure is very small. Such methods are called
statistical disclosure limitation methods or statistical disclosure control
methods to reflect the realization that a zero-risk of disclosure is an
impossibly high standard and that the collection of ANY data entails some risk,
no matter how small.
Typically, an organization protects the confidentiality of data that it
collects by using one or both of the following techniques: restricted data products and restricted access procedures.