Key Terms/Definitions in Privacy and Confidentiality
Many terms are used to discuss privacy and confidentiality. This page provides a general overview of some commonly used terms. These definitions are intended to improve your understanding, but the Committee notes that the concepts do not have universally agreed-upon definitions.
Administrative Purposes
"One purpose of data collection concerns a course of action that affects a particular person or business. The purpose can be regulatory, administrative, legislative, or judicial. We refer to these purposes generically as administrative." Report of the Committee on National Statistics' Panel on Confidentiality and Data Access, Duncan et al., 1993. Private Lives and Public Policies, Washington, DC: National Academy Press, p. 24.
Also see nonstatistical purposes.
Attribute disclosure - See disclosure.
Confidentiality
Confidentiality is a broad concept that may be defined differently depending on the context. The Committee has chosen to include more than one definition to assist users in understanding this concept.
"[Confidential should mean that dissemination] of data in a manner that would allow public identification of the respondent or would in any way be harmful to him is prohibited and that the data are immune from legal process. . . . Unlike privacy, however, which is an individual right, confidentiality is not restricted to data on individuals and is often extended to data on organizations." Report of the Committee on National Statistics' Panel on Confidentiality and Data Access, Duncan et al., 1993. Private Lives and Public Policies, Washington, DC: National Academy Press, p. 23.
"Confidentiality pertains to the treatment of information that an individual has disclosed in a relationship of trust and with the expectation that it will not be divulged to others in ways that are inconsistent with the understanding of the original disclosure without permission." IRB Guidebook, Part III.D, Department of Health and Human Services, Office for Human Research Protections.
Data Protection
"Data protection refers to the set of privacy-motivated policies and procedures that ensure minimal intrusion by data collection and maintenance of data confidentiality." Report of the Committee on National Statistics' Panel on Confidentiality and Data Access, Duncan et al., 1993. Private Lives and Public Policies, Washington, DC: National Academy Press, p. 23.
Data Stewardship
Data stewardship is an "(o)rganizational commitment to ensure that identifiable information is collected, maintained, used, and disseminated in a way that respects privacy, ensures confidentiality and security, reduces reporting burden, and promotes access to statistical data for public policy." U.S. Bureau of the Census.
Disclosure
"Disclosure relates to inappropriate attribution of information to a data subject, whether an individual or organization. Disclosure occurs when a data subject is identified from a released file (identity disclosure), sensitive information about a data subject is revealed through the released file (attribute disclosure), or the released data make it possible to determine the value of some characteristic of an individual more accurately than otherwise would have been possible (inferential disclosure)." Report of the Committee on National Statistics' Panel on Confidentiality and Data Access, Duncan et al., 1993. Private Lives and Public Policies, Washington, DC: National Academy Press, p. 23.
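The three kinds of disclosure in the definition above are easiest to see on a concrete file. The following is an added example, not code from the Committee or from any of the cited reports: the rows are constructed, the function names are our own, and "age", "zip" and "sex" are assumed to be quasi-identifiers (values an outsider could plausibly know from another source) while "income" is the sensitive attribute. The checks are the ones a disclosure reviewer would run on a candidate release: records unique on the quasi-identifiers (identity disclosure), groups whose sensitive value is the same for every member (attribute disclosure without identifying anyone), and how much a published group mean narrows an estimate of one member's value (inferential disclosure).

```python
"""Disclosure-risk checks on a constructed microdata release (added example)."""
from collections import defaultdict
from statistics import mean

QUASI_IDENTIFIERS = ("age", "zip", "sex")   # assumed externally knowable
SENSITIVE = "income"                         # assumed sensitive attribute

# Constructed released file: no names, but the quasi-identifier
# combination can still single out a respondent.
RELEASED_ROWS = [
    {"id": 1, "age": 34, "zip": "20001", "sex": "F", "income": 52000},
    {"id": 2, "age": 34, "zip": "20001", "sex": "F", "income": 61000},
    {"id": 3, "age": 41, "zip": "20001", "sex": "M", "income": 48000},  # unique
    {"id": 4, "age": 67, "zip": "20002", "sex": "M", "income": 90000},  # unique
    {"id": 5, "age": 29, "zip": "20003", "sex": "F", "income": 39000},  # same income
    {"id": 6, "age": 29, "zip": "20003", "sex": "F", "income": 39000},  # as id 5
]


def equivalence_classes(rows, keys=QUASI_IDENTIFIERS):
    """Group records that share the same quasi-identifier values."""
    classes = defaultdict(list)
    for row in rows:
        classes[tuple(row[k] for k in keys)].append(row)
    return classes


def identity_disclosure_risks(rows):
    """Ids of records unique on the quasi-identifiers: anyone who knows
    (age, zip, sex) for such a person can pick out their record."""
    return sorted(r["id"] for cls in equivalence_classes(rows).values()
                  if len(cls) == 1 for r in cls)


def attribute_disclosure_risks(rows):
    """Quasi-identifier groups of size >= 2 whose sensitive value is the
    same for every member: the value leaks even though no single record
    can be pinned to a person."""
    return [key for key, cls in equivalence_classes(rows).items()
            if len(cls) >= 2 and len({r[SENSITIVE] for r in cls}) == 1]


def inferential_disclosure_gain(rows, key):
    """Compare the worst-case error of guessing a group member's income
    from the overall mean (no release) with the error after the group
    mean is published. Returns (error_before, error_after), rounded."""
    overall = mean(r[SENSITIVE] for r in rows)
    cls = equivalence_classes(rows)[key]
    cls_mean = mean(r[SENSITIVE] for r in cls)
    before = max(abs(overall - r[SENSITIVE]) for r in cls)
    after = max(abs(cls_mean - r[SENSITIVE]) for r in cls)
    return round(before), round(after)


if __name__ == "__main__":
    print("identity disclosure risk, ids:", identity_disclosure_risks(RELEASED_ROWS))
    print("attribute disclosure risk, groups:", attribute_disclosure_risks(RELEASED_ROWS))
    print("inferential gain for (34, 20001, F):",
          inferential_disclosure_gain(RELEASED_ROWS, (34, "20001", "F")))
```

On this file, ids 3 and 4 are sample uniques, the two 29-year-old women in zip 20003 share one income value, and publishing the mean for the (34, 20001, F) group shrinks the worst-case estimation error for its members from roughly 6,167 to 4,500. A real review would also weigh whether a sample unique is a population unique, which this small check cannot tell.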
Disclosure Limitation Techniques - See statistical disclosure limitation techniques.
Disclosure Review Boards (DRB)
"Some agencies have established special panels called Disclosure Review Boards to review data releases before they are made public. These boards review microdata files and tables to determine if releasing the information to the public would conflict with the agency's confidentiality policies. Over time, these boards develop substantial expertise and experience concerning their agency's practices and confidentiality issues regarding public releases of data. Other agencies which receive requests for microdata files on a less frequent basis may use ad hoc panels comprised of existing agency staff or staff from other agencies to assess the confidentiality risk of the data." Federal Committee on Statistical Methodology's Confidentiality and Data Access Committee brochure - Confidentiality and Data Access Issues Among Federal Agencies, November 2001, p. 8.
Identity disclosure - See disclosure.
Identifiable Form or Identifiability
"The term 'identifiable form' means any representation of information that permits the identity of the respondent to whom the information applies to be reasonably inferred by either direct or indirect means." Confidential Information Protection and Statistical Efficiency Act of 2002, Section 502(4).
To better understand what variables and types of data might make individual respondents identifiable in a microdata file, see the Committee on Data Access and Confidentiality's paper "Identifiability in Microdata Files."
Inferential disclosure - See disclosure.
Informed Consent
"...[I]nformed consent refers to a person's agreement to allow personal data to be provided for research and statistical purposes. Agreement is based on full exposure of the facts the person needs to make the decision intelligently, including any risks involved and alternatives to providing the data. . . . Informed consent describes a condition appropriate only when data providers have a clear choice. They must not be, nor perceive themselves to be, subject to penalties for failure to provide the data sought." Report of the Committee on National Statistics' Panel on Confidentiality and Data Access, Duncan et al., 1993. Private Lives and Public Policies, Washington, DC: National Academy Press, p. 23.
Also, see notification.
For details on informed consent for Federally supported or regulated research, the Committee recommends The Common Rule - Protection of Human Subjects.
Institutional Review Board (IRB)
"The IRB is an administrative body established to protect the rights and welfare of human research subjects recruited to participate in research activities conducted under the auspices of the institution with which it is affiliated. The IRB has the authority to approve, require modifications in, or disapprove all research activities that fall within its jurisdiction as specified by both the federal regulations and local institutional policy." IRB Guidebook, Part I.A, Department of Health and Human Services, Office for Human Research Protections.
The possibility that research may invade the privacy of individuals or result in a breach of confidentiality is considered by an IRB when considering whether to approve research activities.
Nonstatistical Purposes
"The term 'nonstatistical purpose' — (A) means the use of data in identifiable form for any purpose that is not a statistical purpose, including any administrative, regulatory, law enforcement, adjudicatory, or other purpose that affects the rights, privileges, or benefits of a particular identifiable respondent; . . . " Confidential Information Protection and Statistical Efficiency Act of 2002, Section 502(5).
Also see administrative purposes.
Notification
"Notification . . . involves a condition of data provision under full exposure of pertinent facts. Unlike with informed consent, however, the elements of choice and agreement are absent. Notification is the more appropriate concept when data provision for stated purposes is mandatory, as it is in the decennial census of population." Report of the Committee on National Statistics' Panel on Confidentiality and Data Access, Duncan et al., 1993. Private Lives and Public Policies, Washington, DC: National Academy Press, p. 23.
Also, see informed consent.
Privacy
Privacy is a broad concept that may be defined differently depending on the context. The Committee has chosen to include more than one definition to assist users in understanding this concept.
"Informational privacy encompasses an individual's freedom from excessive intrusion in the quest for information and an individual's ability to choose the extent and circumstances under which his or her beliefs, behaviors, opinions, and attitudes will be shared with or withheld from others." Report of the Committee on National Statistics' Panel on Confidentiality and Data Access, Duncan et al., 1993. Private Lives and Public Policies, Washington, DC: National Academy Press, p. 22.
"Privacy can be defined in terms of having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally, or intellectually) with others." IRB Guidebook, Part III.D, Department of Health and Human Services, Office for Human Research Protections.
Restricted Data and Restricted Access
"The confidentiality of individual information can be protected by restricting the amount of information in released tables and microdata files (restricted data) or by imposing conditions on access to the data products (restricted access), or by some combination of these." Federal Committee on Statistical Methodology. (May 1994). Report on Statistical Disclosure Limitation Methodology, Statistical Policy Working Paper 22, Washington, DC: Office of Management and Budget, Office of Information and Regulatory Affairs, Statistical Policy Office, p. 3.
Restricted Data
Organizations may use statistical methods to limit disclosure. These "restricted data procedures" are used to create products (e.g., tables and microdata) that may be released without restrictions on their use. To enable approved, qualified users to access more detailed data, an organization may use administrative "restricted access" procedures that protect the confidentiality of the data.
Restricted Access
For many legitimate research analyses, restricted data products are not adequate and often severely limit the amount of detail that is available. To enable approved, qualified users to access the more detailed data, statistical organizations use administrative procedures that protect the confidentiality of the data. In "restricted access," conditions are imposed on who may access the data, for what purpose, at what location, which variables may be accessed, etc.
Statistical Purpose/Statistical Activities
"The term 'statistical purpose' — (A) means the description, estimation, or analysis of the characteristics of groups, without identifying the individuals or organizations that comprise such groups; and (B) includes the development, implementation, or maintenance of methods, technical or administrative procedures, or information resources that support the purposes described in subparagraph (A)." Confidential Information Protection and Statistical Efficiency Act of 2002, Section 502(9).
"The term 'statistical activities' — (A) means the collection, compilation, processing, or analysis of data for the purpose of describing or making estimates concerning the whole, or relevant groups or components within, the economy, society, or the natural environment; and (B) includes the development of methods or resources that support those activities, such as measurement methods, models, statistical classifications, or sampling frames." Confidential Information Protection and Statistical Efficiency Act of 2002, Section 502(7).
Statistical Disclosure Limitation Techniques
Before releasing statistical data or microdata files, organizations may be required by law, policy, and ethics to protect the confidentiality of information collected from persons, businesses, or other units. These organizations use a variety of statistical methods to protect their data and to ensure that the risk of disclosure is very small. Such methods are called statistical disclosure limitation methods or statistical disclosure control methods to reflect the realization that zero risk of disclosure is an impossibly high standard and that the collection of ANY data entails some risk, no matter how small.
Typically, an organization protects the confidentiality of data that it collects by using one or both of the following techniques: restricted data products and restricted access procedures.
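One of the oldest restricted-data techniques for published tables is cell suppression: withhold any cell with too few contributors, then withhold enough additional cells that the published row and column totals cannot be used to recover the withheld ones by subtraction. The code below is an added example, not any agency's procedure or code from the cited reports: the counts are constructed, the minimum cell size of 3 and the rule of choosing the smallest visible cell as the complementary suppression are simplifying assumptions, and the audit function only checks the simplest recovery (a row or column with exactly one withheld cell), not the full linear-programming audit a Disclosure Review Board would apply.

```python
"""Primary and complementary cell suppression on a constructed two-way
frequency table with published margins (added example)."""
from copy import deepcopy

MIN_CELL = 3        # assumed threshold: cells with 1..2 contributors are sensitive
SUPPRESSED = None   # marker for a withheld cell

# Constructed counts: rows are industries, columns are counties.
# Row and column totals are assumed to be published alongside the table.
TABLE = {
    "manufacturing": [12, 1, 9],
    "retail":        [7, 8, 2],
    "mining":        [2, 5, 6],
}


def _ncols(table):
    return len(next(iter(table.values())))


def primary_suppression(table, min_cell=MIN_CELL):
    """Withhold every non-zero cell below the minimum contributor count."""
    out = deepcopy(table)
    for row in out.values():
        for j, v in enumerate(row):
            if 0 < v < min_cell:
                row[j] = SUPPRESSED
    return out


def recoverable_cells(table):
    """Audit: withheld cells that a reader could recover by subtracting the
    visible cells in a row or column from its published total. Returns a
    sorted list of (row, column) positions; empty means the simple
    subtraction attack is blocked."""
    found = set()
    rows = list(table)
    for r in rows:
        hidden = [j for j in range(_ncols(table)) if table[r][j] is SUPPRESSED]
        if len(hidden) == 1:
            found.add((r, hidden[0]))
    for j in range(_ncols(table)):
        hidden = [r for r in rows if table[r][j] is SUPPRESSED]
        if len(hidden) == 1:
            found.add((hidden[0], j))
    return sorted(found)


def complementary_suppression(table):
    """Withhold extra cells until every row and column that has a withheld
    cell has at least two, choosing the smallest visible non-zero cell as
    the complement (an assumed, information-loss-minimizing heuristic)."""
    out = deepcopy(table)
    rows = list(out)
    changed = True
    while changed:
        changed = False
        for r in rows:   # rows with a single withheld cell
            hidden = [j for j in range(_ncols(out)) if out[r][j] is SUPPRESSED]
            if len(hidden) == 1:
                cands = [(out[r][j], j) for j in range(_ncols(out))
                         if out[r][j] is not SUPPRESSED and out[r][j] > 0]
                if cands:
                    out[r][min(cands)[1]] = SUPPRESSED
                    changed = True
        for j in range(_ncols(out)):   # columns with a single withheld cell
            hidden = [r for r in rows if out[r][j] is SUPPRESSED]
            if len(hidden) == 1:
                cands = [(out[r][j], r) for r in rows
                         if out[r][j] is not SUPPRESSED and out[r][j] > 0]
                if cands:
                    out[min(cands)[1]][j] = SUPPRESSED
                    changed = True
    return out


def render(table):
    """Text rendering with 'X' for withheld cells, as a published table would show."""
    return "\n".join(f"{r:14s} " + " ".join("X" if v is SUPPRESSED else f"{v:2d}" for v in row)
                     for r, row in table.items())


if __name__ == "__main__":
    primary = primary_suppression(TABLE)
    print(render(primary))
    print("recoverable after primary suppression:", recoverable_cells(primary))
    safe = complementary_suppression(primary)
    print(render(safe))
    print("recoverable after complementary suppression:", recoverable_cells(safe))
```

On this table, primary suppression alone leaves all three small cells recoverable from the margins, and the complementary step withholds three more cells before the audit comes back clean. The price is visible in the output: six of nine cells are withheld, which is why agencies weigh suppression against alternatives such as collapsing categories or rounding, and why the Committee's guidance treats restricted data and restricted access as complementary tools rather than a single fix.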