PDF & Related Info
ContactThe Privacy Act of 1974 states that Federal agencies are required "to collect, maintain, use, or disseminate any record of identifiable personal information in a manner that assures…that adequate safeguards are provided to prevent misuse of such information."
Chapter Contents
The protection of survey databases that contain individually identifiable information is founded on the following statutes:
This law protects the privacy of personal data maintained by the Federal Government. It imposes numerous requirements upon Federal agencies to safeguard the confidentiality and integrity of personal data, and limits the uses to which one may put the data. (For the full text of the law, see appendix C.)
Under the direction of the Office of Management and Budget, key Federal agencies issue policies, standards, and guidelines for protecting personal data.
A key standard is the Federal Information Processing Standard Publication (FIPSPUB) 41, Computer Security Guidelines for Implementing the Privacy Act of 1974. FIPSPUB 41 provides guidance to ensure that government-provided individually identifiable information is adequately protected in accordance with Federal statutes and regulations.
The Computer Security Act of 1987, Public Law (P.L.) 100-235, dated January 8, 1988, requires each Federal agency to identify all Federal computer systems that contain sensitive information and implement security plans to protect these systems. The Computer Security Act defines the term "sensitive information" as any unclassified information, which could adversely affect the:
Agencies are required to protect this information against loss, misuse, disclosure or modification.
The Education Sciences Reform Act of 2002 (ESRA 2002) authorizes the Institute of Education Sciences (IES) to collect and disseminate information about education in the United States. Collection is most often done through surveys. This Act, which incorporates and expands upon the Privacy Act of 1974, requires strict procedures to protect the privacy of individual respondents.
This Act replaces the National Education Statistics Act of 1994 (NESA 1994). (For the full text of the law, see appendix D.)
Individually identifiable information about students, their families, and their schools, cannot be revealed. No person may
The Act requires IES to develop and enforce standards to protect the confidentiality of students, their families, and their schools in the collection, reporting, and publication of data.
Anyone who violates the confidentiality provisions of this Act when using the data shall be found guilty of a class E felony and can be imprisoned up to five years, and/or fined up to $250,000.
The USA Patriot Act of 2001 amended NESA 1994 by permitting the Attorney General to petition a Judge for an ex parte order requiring the Secretary of the Department of Education to provide NCES data that are identified as relevant to an authorized investigation or prosecution of an offense concerning national or international terrorism to the Attorney General. Any data obtained by the Attorney General for these purposes must be treated as confidential information, "consistent with such guidelines as the Attorney General, after consultation with the Secretary, shall issue to protect confidentiality." This amendment was incorporated into ESRA 2002. (For the full text of the law, see appendix D).
Following the enactment of the Patriot Act, the 107th Congress enacted the E-Government Act of 2002, Title V, Subtitle A, Confidential Information Protection (CIP 2002) which requires that all individually identifiable information supplied by individuals or institutions to a federal agency for statistical purposes under the pledge of confidentiality must be kept confidential and may only be used for statistical purposes. Any willful disclosure of such information for nonstatistical purposes, without the informed consent of the respondent, is a class E felony.
