OHSS recognizes the importance of protecting the identity of individuals included in the data used to generate tabulations, reports, and research. More information on the Department of Homeland Security' privacy policies is available on the Privacy Office website.
To protect the confidentiality of Office of Homeland Security Statistics (OHSS) data and tabulations containing information about individuals (individually identifiable information). For this reason, staff must be cognizant of the requirements of the law and must monitor the confidentiality of individually identifiable information in their daily activities and in the release of information to the public.
Key Terms
Cell Suppression is used to combine or conceal cells in frequency tabulations when counts are lower than three (3) in order to minimize the risk that individuals can be identified.
Confidentiality involves the protection of individually identifiable data from unauthorized disclosures.
Disclosure limitation techniques preserve an individual's data on public-use data files by reducing the level of detail used to report some variables. Examples of these techniques include: recoding continuous variables into intervals; recoding categorical data into broader intervals; and top or bottom coding the extreme values of continuous distributions such as age.
Individually identifiable data refers specifically to data from any list, record, file, application, or tabulation about individual(s) from which information about particular individuals may be revealed by either direct or indirect means.
Public-use data files include a subset of data that have been coded, aggregated, or otherwise altered to mask individually identifiable information, and thus, is available to all external users. Unique identifiers, personal identifiers (social security number, A-number), geographic detail, and other variables that cannot be suitably altered are not included in public-use data files
Legal Requirements
The Privacy Act of 1974 governs the protection of the confidentiality of individually identifiable information collected and or disseminated by all DHS organizations. Information that Office of Immigration Statistics (OIS) collects for statistical purposes is protected under the E-Government Act of 2002. The Immigration and Nationality Act provides specific instructions regarding the confidentiality of immigration-related statistical information. The OIS also follows the confidentiality guidelines as outlined in the Federal Statistical Confidentiality Order of 1997.
Demographic data are usually collected via forms filled out by individuals. Only information provided by legal permanent residents and U.S. citizens are technically subject to the Privacy Act of 1974; however, the OIS will follow the confidentiality rules as a matter of policy for all aliens. Tabulations of nonimmigrants and aliens apprehended or removed, therefore, are subject to the confidentiality standards.
Certain information collected in the Performance Analysis System, sometimes referred to as the "workload system," does potentially identify individuals (e.g., apprehensions as recorded on Form G-23.18) and is subject to the confidentiality standards. The more common type of information contained in the workload system referring to counts (applications, admissions, removals, etc.) summarized by office and month with no other attributes are not subject to the Privacy Act and do not have to be protected.
Privacy Act of 1974, as amended— "The purpose of this Act is to provide certain safeguards for an individual against invasion of personal privacy by requiring Federal agencies to collect, maintain, use or disseminate any record of identifiable personal information in a manner that assures that such action is for necessary and lawful purpose, that the information is current and accurate for its intended use, and that adequate safeguards are provided to prevent misuse of such information." A willful disclosure of individually identifiable data is a misdemeanor, subject to a fine up to $5,000. The OIS must not provide any set of records (data files) or tabulations to the public that allow an individual to be identified through direct or indirect means.
E-Government Act of 2002, Title V, Subtitle A, Confidential Information Protection (CIP 2002) — "Under this law, all individually identifiable information supplied by individuals or institutions to a federal agency for statistical purposes under the pledge of confidentiality must be kept confidential and may only be used for statistical purposes. Any willful disclosure of such information for nonstatistical purposes, without the informed consent of the respondent, is a class E felony."
Immigration and Nationality Act, Section 103(c)(1) — "The Commissioner, in consultation with interested academicians, government agencies, and other parties, shall provide for a system for collection and dissemination, to Congress and the Public of information (not in individually identifiable form) useful in evaluating the social, economic, environmental, and demographic impact of immigration laws."
Federal Statistical Confidentiality Order of 1997 - This Office of Management and Budget Order provides a consistent government policy for "protecting the privacy and confidentiality interests of persons who provide information for Federal statistical programs." The Order defines relevant terms and provides guidance on the content of confidentiality pledges that federal statistical programs should use under different conditions. The Order provides language for confidentiality pledges under two conditions —first, when the data may only be used for statistical purposes; second, when the data are collected exclusively for statistical purposes, but the agency is compelled by law to disclose the data.
Standard 1-1
All OIS staff (employees and contract employees) must sign a form indicating that they have read and will follow the confidentiality standards not to release any individually identifiable data, for any purpose, to any person not sworn to the preservation of confidentiality.
Standard 1-2
All materials having individually identifiable data must be kept secure at all times through the use of passwords and secure data handling and storage.
Standard 1-3
OIS distributes tabulations to the public (or intended for use by the public such as provided to Public Affairs) only if all cell frequencies are three (3) or more. This rule excludes table cells with zero (0) cases because there are no data to protect in the cell. Cell suppression may be performed using several methods:
- Placing the letter "D" in the suppressed cells and adding the footnote immediately at the bottom (or foot) of the table reading "D - Data withheld to limit disclosure."
- Redesigning the tabulations by combining rows so that all cells meet the threshold frequency of 3 or more. EXAMPLE: Combine rows for countries with low counts into "Other Asia" or "Other Europe" depending on the continent.
- Redesigning the tabulations by combining columns so that all cells meet the threshold frequency of 3 or more.
Standard 1-4
Data collection performed by the OIS, or an OIS contractor, for statistical purposes must inform respondents in a cover letter or in instructions that "Your answers may be used only for statistical purposes and may not be disclosed, or used, in identifiable form for any other purpose except as required by law." Furthermore, the routine statistical purposes for which the data may be used must be explained.
Standard 1-5
OIS will not release public-use data files containing individual records (e.g., legal permanent residents) until further notice.
References
A comprehensive set of references is contained in the American Statistical Association's website, Privacy and Confidentiality Website.