Data Research Centre

Data Access Confidentiality

Promoting a culture of confidentiality and maintaining the confidentiality of survey respondents is of paramount importance to Statistics Canada. It is the trust of the respondents that makes it possible for Statistics Canada to provide valuable data on the socio-economic condition of Canadian society. Under the Statistics Act, all employees and deemed employees must protect data confidentiality.

In the RDC, there are additional important elements of the culture of confidentiality. These include the physical and computer protection of the RDC, as well as the confidentiality vetting of research outputs before the results are released from the RDC. This chapter focuses on physical security of the RDC and computer protection


The RDC is a physically secure research facility, with reinforced ceilings, floors and walls and the door is either solid core or steel with tamperproof hardware and magnetic locks. Each centre also records RDC entries through electronic access cards.

Access to the RDC is contingent upon having:

a)      A personnel security clearance

b)     An active Microdata Research Contract (MRC)

c)      A swipe card to open the door to the RDC

  • This pass must not be lent to or shared with others
  • Researchers are not permitted to let other people (including other RDC Researchers) into the RDC 
  • If a security pass is lost or stolen, please report it immediately to RDC staff

Visitors are not allowed in the RDC, unless they are permitted entry and accompanied by RDC Staff   


  Personal Responsibility & Electronic Devices in the RDC

If Researchers wish to have a conference call with team members in another RDC, it can be arranged through the Analyst where facilities are available.

Discussing confidential material on a wireless device is a breach of security.  

Summary of Key Principles of Researcher   Responsibilities for Physical and Computer Security

Elements

Controls

Responsibilities of the Deemed Employee

Physical Security

Controlled   Entry-Swipe Cards

  •   Only deemed employees are permitted to enter the RDC using their own swipe card.
  •   Researchers are not to share   their swipe card with anyone else.
  •   Researchers many not let   anyone into / out of the RDC.

Computer Security

Access   to Data / Project files

  •   Researchers are ONLY permitted to view data files   which are listed on their active MRC.
  •   ONLY the Principal Investigator and Co-Investigators   listed on the approved Microdata Contract are permitted to access / view the   approved project files and data files.    
  •   Although working in close proximity to other RDC Researchers,   Researchers are not permitted to look at or discuss data and / or results   with Researchers not listed on their active MRCs.

Procedures   prohibiting use of electronic devices

  •   Researchers are prohibited from operating any   communication, text editing/messaging, or image/text capture devices (e.g., laptop computers, tablets,   E-readers, cellular phones or other devices with photographic capability)   in the vicinity of (secure) computer workstations or near of any confidential   material.


Confidentiality Vetting and Removing Output from the RDC

The most important element of protecting respondents’ confidential information is Researchers who exercise caution when removing vetted outputs from the RDC and when reporting and publishing results. Researchers are responsible for applying the vetting rules to the outputs that they are preparing for release

  Researchers are personally responsible for preventing the disclosure of confidential information.

Types of Output that vetting rules focus mainly on are:

Considerations when preparing output for vetting:


Researchers are responsible for properly applying all vetting rules before submitting output to the Analyst for screening.

The rules and regulations also apply to hand-written notes produced in the RDC. At the end of a work session, hand-written notes are to be given to the Analyst for shredding, storage, or vetting. If Researchers wish to leave the RDC with their hand-written notes, those notes are to be checked by the Analyst only (Statistical Assistants are not authorized to vet notes). If the Analyst determines the notes contain no confidential information, the Researcher can leave the RDC with them.

Summary  of Key Principles   of Researcher Responsibilities for Protecting   the Confidentiality ofUNVETTED Materials

Elements 

Controls

Responsibilities of the Deemed Employee

Confidentiality                                                   

Protection

Procedures for   protecting Handwritten notes

  •   Researchers are encouraged to   make electronic notes rather than handwritten notes.
  •    If a Researcher makes handwritten notes, the   notes should be (a) stored inside the RDC in a locked cabinet or other   approved means of storage, or (b) be submitted to an Analyst for shredding,   or (c) be submitted to an Analyst   for approval. If approved by the Analyst, the notes may leave the RDC.

Protection   of Output Printed on Coloured Paper2

  •   Researchers are discouraged   from printing output
  •   Where printing on coloured paper   is permitted, output must be properly stored inside the RDC or shredded   before leaving the RDC.

Rules   around verbal discussions of unvetted confidential information

  •   Researchers are not permitted   to discuss unvetted results with ANYONE   (including co-investigators on the contract) outside the RDC. This includes over the phone when a Researcher   is in the RDC and the co-investigator is outside the RDC.
  •   Researchers are not permitted to discuss unvetted   results inside the RDC with Researchers   whom are NOT listed on their active   MRC.


1 Check with the Analyst to see if the output contains sensitive variables

2 The colour of confidential paper may vary by RDC. See an Analyst for details.

Best Practices for Confidentiality Vetting Requests

Here are some ways that Researchers can minimize delays in the vetting process:

Do

      1.Schedule time with the Analyst well in advance of an initial vetting   request and any anticipated deadlines. Check that the confidentiality vetting   rules are understood and that the supporting documentation requirements are   clear.

      2.For descriptive   statistic outputs, provide weighted and corresponding unweighted output in   separate and well labeled files.

      3. Restrict   crosstabular analysis to two or three dimensions.

      4. Limit the release   of tabular output to just before the end of the project.

      5. Take care when using small subgroups or small areas. Remember that the   confidentiality vetting rules become stricter for sensitive variables,   including detailed levels of geography, and that release of output is   sometimes prohibited regardless of the minimum cell count and weighting   requirements have been met.

      6.  Check with the Analyst for specific rounding rules on descriptive   statistical outputs that are applicable to some surveys and administrative   data.

      7.  Atypical outputs   may require extra supporting documents. Check with the Analyst.

      8.  Check for errors and remove unneeded results before submitting files   for vetting.

      9.  Provide all necessary details in the Vetting Request Form. Inform the   Analyst if similar output has been previously released (include the details   of the differences between similar requests). If applicable, separate   requests with differently defined working samples and provide the Analyst the   corresponding sample sizes.

      10. Check survey documentation dissemination guidelines which will discuss   data quality issues (such as sampling errors, non-sampling errors, coverage   errors, response errors, non-response errors, and processing errors).[1]  

Do not

      1.   Request   tables for which the corresponding un-weighted cell counts are below the   minimum requirement.

      2.   Request   anecdotal information (such as min/max statistics).

      3.   Request   graphs with individual data points plotted or show outliers (e.g. scatter   plot of the raw data or box-plots)

      4.   Request   unweighted outputs without first discussing this with the Analyst.

      5.     Discuss   unvetted outputs or data with other RDC Researchers or persons whom are not   listed on the MRC.



[1] While dissemination guidelines may seem similar to vetting rules, they are not the same. Both the dissemination guidelines and the vetting rules should be consulted, but for different reasons. Please note: Analysts will screen output using vetting rules, not dissemination guidelines.