Data Access Confidentiality

Promoting a culture of confidentiality and maintaining the confidentiality of survey respondents is of paramount importance to Statistics Canada. It is the trust of the respondents that makes it possible for Statistics Canada to provide valuable data on the socio-economic condition of Canadian society. Under the Statistics Act, all employees and deemed employees must protect data confidentiality.

In the RDC, there are additional important elements of the culture of confidentiality. These include the physical and computer protection of the RDC, as well as the confidentiality vetting of research outputs before the results are released from the RDC. This chapter focuses on physical security of the RDC and computer protection

The RDC is a physically secure research facility, with reinforced ceilings, floors and walls and the door is either solid core or steel with tamperproof hardware and magnetic locks. Each centre also records RDC entries through electronic access cards.

Access to the RDC is contingent upon having:

a) A personnel security clearance

b) An active Microdata Research Contract (MRC)

c) A swipe card to open the door to the RDC

This pass must not be lent to or shared with others
Researchers are not permitted to let other people (including other RDC Researchers) into the RDC
If a security pass is lost or stolen, please report it immediately to RDC staff

Visitors are not allowed in the RDC, unless they are permitted entry and accompanied by RDC Staff

Personal Responsibility & Electronic Devices in the RDC

Although Researchers are permitted to carry their personal electronic devices with them in the RDC, they should be out of view when the researcher is in the vicinity of (secure) computer workstations or near any confidential material (e.g., printed outputs).
Researchers are prohibited from operating any communication, text editing/messaging, or image/text capture devices (e.g., laptop computers, tablets, E-readers, cellular phones or other devices with photographic capability) in the vicinity of (secure) computer workstations or near of any confidential material.
A cell phone (or similar communication device) must never be used to communicate/discuss confidential data or outputs with team members.
To answer a call, the researcher can do so away from the (secure) computer workstation by conducting the conversation outside of the RDC secure area.

If Researchers wish to have a conference call with team members in another RDC, it can be arranged through the Analyst where facilities are available.

Discussing confidential material on a wireless device is a breach of security.

Summary of Key Principles of Researcher Responsibilities for Physical and Computer Security
Elements	Controls	Responsibilities of the Deemed Employee
Physical Security	Controlled Entry-Swipe Cards	Only deemed employees are permitted to enter the RDC using their own swipe card. Researchers are not to share their swipe card with anyone else. Researchers many not let anyone into / out of the RDC.
Computer Security	Access to Data / Project files	Researchers are ONLY permitted to view data files which are listed on their active MRC. ONLY the Principal Investigator and Co-Investigators listed on the approved Microdata Contract are permitted to access / view the approved project files and data files. Although working in close proximity to other RDC Researchers, Researchers are not permitted to look at or discuss data and / or results with Researchers not listed on their active MRCs.
Computer Security	Procedures prohibiting use of electronic devices	Researchers are prohibited from operating any communication, text editing/messaging, or image/text capture devices (e.g., laptop computers, tablets, E-readers, cellular phones or other devices with photographic capability) in the vicinity of (secure) computer workstations or near of any confidential material.

Confidentiality Vetting and Removing Output from the RDC

The most important element of protecting respondents’ confidential information is Researchers who exercise caution when removing vetted outputs from the RDC and when reporting and publishing results. Researchers are responsible for applying the vetting rules to the outputs that they are preparing for release

Researchers are personally responsible for preventing the disclosure of confidential information.

Types of Output that vetting rules focus mainly on are:

Frequency data
Tables of magnitude (e.g., averages and totals)
Individual statistics (e.g., minimum and maximums)
Models which are equivalent to tables (e.g., a model with a single categorical variable or a model with all possible interactions)
Low cell counts and Residual tables with low cell counts
Anecdotal information
Narrowly defined geographical areas, or other sensitive variables1

Considerations when preparing output for vetting:

Provide weighted and unweighted outputs for all counts, frequencies and descriptive statistics
Complete the vetting request form
Limit the number of requests
Consider processing time when submitting request
Save all syntax files

Researchers are responsible for properly applying all vetting rules before submitting output to the Analyst for screening.

The rules and regulations also apply to hand-written notes produced in the RDC. At the end of a work session, hand-written notes are to be given to the Analyst for shredding, storage, or vetting. If Researchers wish to leave the RDC with their hand-written notes, those notes are to be checked by the Analyst only (Statistical Assistants are not authorized to vet notes). If the Analyst determines the notes contain no confidential information, the Researcher can leave the RDC with them.

Summary of Key Principles of Researcher Responsibilities for Protecting the Confidentiality ofUNVETTED Materials
Elements		Controls	Responsibilities of the Deemed Employee
Confidentiality Protection	Procedures for protecting Handwritten notes			Researchers are encouraged to make electronic notes rather than handwritten notes. If a Researcher makes handwritten notes, the notes should be (a) stored inside the RDC in a locked cabinet or other approved means of storage, or (b) be submitted to an Analyst for shredding, or (c) be submitted to an Analyst for approval. If approved by the Analyst, the notes may leave the RDC.
	Protection of Output Printed on Coloured Paper2			Researchers are discouraged from printing output Where printing on coloured paper is permitted, output must be properly stored inside the RDC or shredded before leaving the RDC.
	Rules around verbal discussions of unvetted confidential information			Researchers are not permitted to discuss unvetted results with ANYONE (including co-investigators on the contract) outside the RDC. This includes over the phone when a Researcher is in the RDC and the co-investigator is outside the RDC. Researchers are not permitted to discuss unvetted results inside the RDC with Researchers whom are NOT listed on their active MRC.

1 Check with the Analyst to see if the output contains sensitive variables

2 The colour of confidential paper may vary by RDC. See an Analyst for details.

Best Practices for Confidentiality Vetting Requests

Here are some ways that Researchers can minimize delays in the vetting process:

1.Schedule time with the Analyst well in advance of an initial vetting request and any anticipated deadlines. Check that the confidentiality vetting rules are understood and that the supporting documentation requirements are clear.

2.For descriptive statistic outputs, provide weighted and corresponding unweighted output in separate and well labeled files.

3. Restrict crosstabular analysis to two or three dimensions.

4. Limit the release of tabular output to just before the end of the project.

5. Take care when using small subgroups or small areas. Remember that the confidentiality vetting rules become stricter for sensitive variables, including detailed levels of geography, and that release of output is sometimes prohibited regardless of the minimum cell count and weighting requirements have been met.

6. Check with the Analyst for specific rounding rules on descriptive statistical outputs that are applicable to some surveys and administrative data.

7. Atypical outputs may require extra supporting documents. Check with the Analyst.

8. Check for errors and remove unneeded results before submitting files for vetting.

9. Provide all necessary details in the Vetting Request Form. Inform the Analyst if similar output has been previously released (include the details of the differences between similar requests). If applicable, separate requests with differently defined working samples and provide the Analyst the corresponding sample sizes.

10. Check survey documentation dissemination guidelines which will discuss data quality issues (such as sampling errors, non-sampling errors, coverage errors, response errors, non-response errors, and processing errors).[1]

Do not

1. Request tables for which the corresponding un-weighted cell counts are below the minimum requirement.

2. Request anecdotal information (such as min/max statistics).

3. Request graphs with individual data points plotted or show outliers (e.g. scatter plot of the raw data or box-plots)

4. Request unweighted outputs without first discussing this with the Analyst.

5. Discuss unvetted outputs or data with other RDC Researchers or persons whom are not listed on the MRC.

[1] While dissemination guidelines may seem similar to vetting rules, they are not the same. Both the dissemination guidelines and the vetting rules should be consulted, but for different reasons. Please note: Analysts will screen output using vetting rules, not dissemination guidelines.

Research Data Centre
1151 Richmond Street, SSC 6225
London, Ontario, Canada, N6A 5C2
Tel: 519-661-2111 x82971
rdc@uwo.ca
Privacy | Web Standards | Terms of Use | Accessibility

Key Topics:

About Us
Activities
Events
Data Access
People
Resources

Popular Resources:

Home

Location

Sociology Department