Promoting a culture of confidentiality and maintaining the confidentiality of survey respondents is of paramount importance to Statistics Canada. It is the trust of the respondents that makes it possible for Statistics Canada to provide valuable data on the socio-economic condition of Canadian society. Under the Statistics Act, all employees and deemed employees must protect data confidentiality.
In the RDC, there are additional important elements of the culture of confidentiality. These include the physical and computer protection of the RDC, as well as the confidentiality vetting of research outputs before the results are released from the RDC. This chapter focuses on physical security of the RDC and computer protection
The RDC is a physically secure research facility, with reinforced ceilings, floors and walls and the door is either solid core or steel with tamperproof hardware and magnetic locks. Each centre also records RDC entries through electronic access cards.
Access to the RDC is contingent upon having:
a) A personnel security clearance
b) An active Microdata Research Contract (MRC)
c) A swipe card to open the door to the RDC
Visitors are not allowed in the RDC, unless they are permitted entry and accompanied by RDC Staff
If Researchers wish to have a conference call with team members in another RDC, it can be arranged through the Analyst where facilities are available.
Discussing confidential material on a wireless device is a breach of security.
Summary of Key Principles of Researcher Responsibilities for Physical and Computer Security |
||
Elements |
Controls |
Responsibilities of the Deemed Employee |
Physical Security |
Controlled Entry-Swipe Cards |
|
Computer Security |
Access to Data / Project files |
|
Procedures prohibiting use of electronic devices |
|
The most important element of protecting respondents’ confidential information is Researchers who exercise caution when removing vetted outputs from the RDC and when reporting and publishing results. Researchers are responsible for applying the vetting rules to the outputs that they are preparing for release
Researchers are personally responsible for preventing the disclosure of confidential information. |
Types of Output that vetting rules focus mainly on are:
Considerations when preparing output for vetting:
Researchers are responsible for properly applying all vetting rules before submitting output to the Analyst for screening.
The rules and regulations also apply to hand-written notes produced in the RDC. At the end of a work session, hand-written notes are to be given to the Analyst for shredding, storage, or vetting. If Researchers wish to leave the RDC with their hand-written notes, those notes are to be checked by the Analyst only (Statistical Assistants are not authorized to vet notes). If the Analyst determines the notes contain no confidential information, the Researcher can leave the RDC with them.
Summary of Key Principles of Researcher Responsibilities for Protecting the Confidentiality ofUNVETTED Materials |
||||
Elements |
Controls |
Responsibilities of the Deemed Employee |
||
Confidentiality Protection |
Procedures for protecting Handwritten notes |
|
||
Protection of Output Printed on Coloured Paper2 |
|
|||
Rules around verbal discussions of unvetted confidential information |
|
1 Check with the Analyst to see if the output contains sensitive variables
2 The colour of confidential paper may vary by RDC. See an Analyst for details.
Here are some ways that Researchers can minimize delays in the vetting process:
Do |
1.Schedule time with the Analyst well in advance of an initial vetting request and any anticipated deadlines. Check that the confidentiality vetting rules are understood and that the supporting documentation requirements are clear. |
2.For descriptive statistic outputs, provide weighted and corresponding unweighted output in separate and well labeled files. |
3. Restrict crosstabular analysis to two or three dimensions. |
4. Limit the release of tabular output to just before the end of the project. |
5. Take care when using small subgroups or small areas. Remember that the confidentiality vetting rules become stricter for sensitive variables, including detailed levels of geography, and that release of output is sometimes prohibited regardless of the minimum cell count and weighting requirements have been met. |
6. Check with the Analyst for specific rounding rules on descriptive statistical outputs that are applicable to some surveys and administrative data. |
7. Atypical outputs may require extra supporting documents. Check with the Analyst. |
8. Check for errors and remove unneeded results before submitting files for vetting. |
9. Provide all necessary details in the Vetting Request Form. Inform the Analyst if similar output has been previously released (include the details of the differences between similar requests). If applicable, separate requests with differently defined working samples and provide the Analyst the corresponding sample sizes. |
10. Check survey documentation dissemination guidelines which will discuss data quality issues (such as sampling errors, non-sampling errors, coverage errors, response errors, non-response errors, and processing errors).[1] |
Do not |
1. Request tables for which the corresponding un-weighted cell counts are below the minimum requirement. |
2. Request anecdotal information (such as min/max statistics). |
3. Request graphs with individual data points plotted or show outliers (e.g. scatter plot of the raw data or box-plots) |
4. Request unweighted outputs without first discussing this with the Analyst. |
5. Discuss unvetted outputs or data with other RDC Researchers or persons whom are not listed on the MRC. |
[1] While dissemination guidelines may seem similar to vetting rules, they are not the same. Both the dissemination guidelines and the vetting rules should be consulted, but for different reasons. Please note: Analysts will screen output using vetting rules, not dissemination guidelines.