For the reader's convenience, we present all the panel's recommendations, keyed to the chapters in which they appear.
CHAPTER 3 DATA SUBJECTS
Recommendation 3.1 Federal statistical agencies should follow a flexible, multilayered approach to informing data providers of the conditions under which they are being asked to provide information.
Recommendation 3.2 Basic information given to all data providers requested to participate in statistical surveys and censuses should include
for data on persons, information needed to meet all Privacy Act requirements. Similar information is recommended for data on organizations, except that the requirement to inform providers about routine uses (as defined by the Privacy Act) is not applicable.
a clear statement of the expected burden on the data providers, including the expected time required to provide the data (a requirement of the Office of Management
and Budget) and, if applicable, the nature of sensitive topics included in the survey and plans for possible follow-up interviews of some or all respondents.
no false or misleading statements. For example, a statement that implies zero risk of disclosure is seldom, if ever, appropriate.
information about any planned or potential nonstatistical uses of the information to be provided. There should be a clear statement of the level of confidentiality protection that can be legally ensured.
information about any planned or anticipated record linkages for statistical or research purposes. For persons, this notification will usually occur in conjunction with a request for the data subject's Social Security number.
a statement to cover the possibility of unanticipated future uses of the data for statistical or research purposes.
information about the length of time for which the information will be retained in identifiable form.
Recommendation 3.3 In keeping with the objective of giving individuals control over their own information whenever societal needs do not clearly take precedence, data subjects or data providers should be allowed to waive certain aspects of confidentiality protection that would usually be accorded to the information they provide. Agencies should take special care to ensure that any such waivers are based on fully informed consent.
Recommendation 3.4. Statistical agencies should undertake and support continuing research, using the tools of cognitive and survey research, to monitor the views of data providers and the general public on informed consent, response burden, sensitivity of survey questions, data sharing for statistical purposes, and related issues.
Recommendation 3.5 Federal statistical agencies should continue to develop systematic informational activities designed to inform the public of their ability to maintain the confidentiality of individually identifiable information, including use of legal barriers to disclosure and physical security procedures, and their intentions to minimize intrusions on privacy and the time and effort required to respond to statistical inquiries.
Recommendation 3.6 Agencies should be prepared to deal quickly and candidly with instances of ''moral outrage" that may be directed at statistical programs from time to time as a result of actual or perceived violations of pledges of confidentiality given to data providers by data collectors. The agencies should be prepared to explain the purpose of specific data collection activities and the procedures used to protect confidentiality. They should accept full responsibility if a violation occurs and should announce measures to prevent future violations.
Recommendation 3.7 As part of the communication process, statistical agencies should work more closely with appropriate advocacy groups, such as those concerned with civil liberties and those that represent the rights of disadvantaged segments of the population, and with specialists on ethical issues and human rights.
CHAPTER 4 DATA USERS
Recommendation 4.1 Greater opportunities should be available for sharing of explicitly or potentially identifiable personal data among federal agencies for statistical and research purposes, provided the confidentiality of the records can be properly protected and the data cannot be used to make determinations about individual data subjects. Greater access should be permitted to key statistical and administrative data sets for the development of sampling frames and other statistical uses. Additional data sharing should only be undertaken in those instances in which the procedures for collecting the data comply with the panel's recommendations for informed consent or notification (see Recommendations 3.2 and 3.3).
Recommendation 4.2 Federal statistical agencies should seek to improve the access of external users to statistical data, through both legislation and the development and greater use, under carefully controlled conditions, of tested administrative procedures.
Recommendation 4.3 All federal statistical agencies should establish systematic procedures for capturing information on a continuing basis about user requests for data that have been denied or only partially fulfilled. Such information should be used for periodic reviews of agency confidentiality and data access policies.
Recommendation 4.4 All users of federal data, regardless of the formal conditions of access, should subscribe to the following principles for responsible data use:
Conscientiously observe all conditions agreed to in order to obtain access to the data. Allow access to the original data set only by those permitted access under the agreed conditions of recipiency and ensure that all such persons are aware of the required conditions of use.
Make no attempt to identify particular individuals or other units whose data are considered to be confidential.
In the event that one or more individuals or other units are identified in the course of research, notify the organization that provided the data set, and do not inform anyone else of the discovered identities.
Recommendation 4.5 To promote knowledge of and adherence to the principles of responsible data use,
Federal statistical agencies should ask all recipients of federal microdata sets to submit to the releasing agency, in writing, their agreement to observe the above principles, plus any other conditions deemed necessary for specific data sets.
Professional societies and associations that have ethical codes, standards, or guidelines should incorporate these principles in them.
The principles and the justifications for them should be included in academic and other training for disciplines whose members are likely to be users of federal statistical data.
CHAPTER 5 LEGISLATION
Recommendation 5.1 Statistical records across all federal agencies should be governed by a consistent set of statutes and regulations meeting standards for the maintenance of such records, including the following features of fair statistical information practices:
a definition of statistical data that incorporates the principle of functional separation as defined by the Privacy Protection Study Commission,
a guarantee of confidentiality for data,
a requirement of informed consent or informed choice when participation in a survey is voluntary,
a requirement of strict control on data dissemination,
a requirement to follow careful rules on disclosure limitation,
a provision that permits data sharing for statistical purposes under controlled conditions, and
legal sanctions for those who violate confidentiality requirements (see Recommendation 5.3 for further discussion of this requirement).
Recommendation 5.2 Zero-risk requirements for disclosure of statistical records are, in practice, impossibly high standards. Regulations and policies under existing statutes should establish standards of reasonable care. New statutes should recognize that almost all uses of information entail some risk of disclosure and should allow release of information for legitimate statistical purposes that entail a reasonably low risk of disclosure of individually identifiable data.
Recommendation 5.3 There should be legal sanctions for all users, both external users and agency employees, who violate requirements to maintain the confidentiality of data.
CHAPTER 6 TECHNICAL AND ADMINISTRATIVE PROCEDURES
Recommendation 6.1 The Office of Management and Budget's Statistical Policy Office should continue to coordinate research work on statistical disclosure analysis and should disseminate the results of this work broadly among statistical agencies. Major statistical agencies should actively encourage and participate in scholarly statistical research in this area. Other agencies should keep abreast of current developments in the application of statistical disclosure limitation techniques.
Recommendation 6.2 Statistical agencies should determine the impact on statistical analyses of the techniques they use to mask data. They should be sure that the masked data can be accurately analyzed by a range of typical researchers. If the data cannot be accurately analyzed using standard statistical software, the agency should make appropriate consulting and software available.
Recommendation 6.3 Each statistical agency should actively involve data users from outside the agency as statistical disclosure limitation techniques are developed and applied to data.
Recommendation 6.4 Statistical agencies should continue widespread release, with minimal restrictions on use, of microdata sets with no less detail than currently provided.
Recommendation 6.5 Federal statistical agencies should strive for a greater return on public investment in statistical programs through carefully controlled increases in interagency data sharing for statistical purposes and expanded availability of federal data sets to external users.
Recommendation 6.6 Statistical agencies, in their efforts to expand access for external data users, should follow a policy of responsible innovation. Whenever feasible, they should experiment with some of the newer restricted access techniques, with appropriate confidentiality safeguards and periodic reviews of the costs and benefits of each procedure.
Recommendation 6.7 In those instances in which controlled access at agency sites remains the only feasible alternative, statistical agencies should do all they can to make access conditions more affordable and acceptable to users, for example, by providing access at dispersed agency locations and providing adequate user support and access to computing facilities at reasonable cost.
Recommendation 6.8 Significant statistical data files, in their unrestricted form, should be deposited at the National Archives and eventually made available for historical research uses.
CHAPTER 7 STATISTICAL DATA FOR ORGANIZATIONS
Recommendation 7.1 The principle of functional separation, which the panel endorsed in Recommendation 5.1 (a), should apply equally to data for persons and data for organizations.
Recommendation 7.2 Legislation that authorizes and requires protection of the confidentiality of data for persons and organizations should be sought for all federal statistical agencies that do not now have it and for any new federal statistical agencies that may be created (see also Recommendation 5.1).
Recommendation 7.3 Data providers, whether persons or organizations, should have ready access to as much information as they want about the uses of the information they are requested or required to provide to federal statistical agencies. They should be told who will have access to their data in individually identifiable form. Statements of the collecting agency's intentions should be clearly distinguished from statements describing what is authorized and required by statute.
Recommendation 7.4 There should be increased sharing of business lists for statistical purposes by federal and state agencies.
Recommendation 7.5 New legislation on sharing of business lists for statistical purposes should provide that government agencies that are now unable to guarantee protection against nonstatistical uses can have access to business lists if they acquire statutory authority for such protection in the future.
Recommendation 7.6 The Office of Management and Budget's Statistical Policy Office should develop uniform guidelines for federal statistical agencies covering the purposes for which waivers of confidentiality protections by organizations are considered acceptable and the methods of obtaining waivers from respondents. Efforts should be made to amend the confidentiality statutes of federal statistical agencies that would otherwise be prevented from using waivers for generally accepted statistical purposes.
Recommendation 7.7 Federal statistical agencies that collect data on organizations should make a special effort to improve access for statistical research and analysis by external users and, if necessary, should seek legislation that will permit them to develop licensing arrangements that allow such users to have access at their work sites, subject to penalties for violating the conditions under which they are allowed access to the data.
CHAPTER 8 MANAGING CONFIDENTIALITY AND DATA ACCESS FUNCTIONS
Recommendation 8.1 Each federal statistical agency should review its staffing and management of confidentiality and data access functions, with particular attention to the assignment within the agency of responsibilities for these functions and the background and experience needed for persons who exercise these responsibilities.
Recommendation 8.2 Statistical agencies should take steps to provide staff training in fair information practices, informed consent procedures, confidentiality laws and policies, statistical disclosure limitation procedures, and related topics.
Recommendation 8.3 Statistical agencies should establish mechanisms for allowing and encouraging greater external inputs into their decisions on confidentiality protection and data access.
Recommendation 8.4 The Statistical Policy Office should give high priority to proceeding with the development and issuance of the OMB Guidelines for Statistical Activities, with the full participation of the federal statistical agencies and the public.
Recommendation 8.5 The panel supports the general concept of an independent federal advisory body charged with fostering a climate of enhanced protection for all federal data about persons and responsible data dissemination for research and statistical purposes. Any such advisory body should promote the principle of functional separation and have professional staff with expertise in privacy protection, computer data bases, official statistics, and research uses of federal data.