presenting grouped figures, there are situations in which the size and/or the distribution of those groups can reveal more information about individuals … than had been publicly known.” The statement makes the case that the context of privacy protection has changed. The same powerful and sophisticated electronic technologies that have made data readily accessible to the public “pose a distinct threat—in perception if not in reality—to privacy, as well as a potential for inflicting great harm on persons.”

Zarate shared several illustrations of the risk of disclosure and techniques for overcoming those risks based on his experiences at NCHS. Like the NSF act of 1950, as amended, the Public Health Service Act of 1974 contains language specifying that no identifiable information may be used for any purpose other than for which it was provided, nor may be it released to any party not agreed to by the supplier (Section 308(d)). The protection of data at the agency engages a confidentiality officer, a disclosure review board, and the data division director. As part of the review process, the agency uses a disclosure checklist, which contains a series of questions to determine the geographic detail, the presence of sensitive variables (such as age, race, occupation, income, and household type), and whether other databases contain similar data. It is recognized that risk of disclosure remains even if all possible protections are applied, so the rule is that protection is paramount. Data are released for research “only when the risk is judged to be extremely low” (National Center for Health Statistics, 2004, p. 14).

In response to a question, Zarate stated that NCHS reviews its decisions on risk of disclosure every 4 years or so because threats change as computational power and techniques evolve.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement