Date: July 8, 2010
From: Juan M. Sanchez, Vice President for Research
RE: Data Use Agreements
The Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA) established uniform policy for confidentiality protection of statistical information collections sponsored or conducted by more than 70 Federal agencies. Data sharing among specified agencies (Bureaus of Economic Analysis, Labor Statistics and Census) to include identifiable data for statistical purposes is authorized and encouraged. Information that can be used to distinguish or track an individual’s identity such as name, Social Security Number, or biometric information as well as information that could be used in conjunction with other data elements to reasonably infer the identity of a respondent such as a combination of gender, race, date of birth, geographic indicators, or other descriptors is protected. Special procedures are required for use of laptop computers, PDAs, zip drives, floppy disks, CD-ROMs or any other IT devices.
As a result, data use agreements have become more stringent and usually require written plans documenting the procedures that will be utilized to protect covered information. The Office of Sponsored Projecsts (OSP) has developed a template Sensitive Data Protection Plan (SDCP) form to assist recipients of these data to articulate the procedures that will be followed. However, many of these data are used by students or faculty for projects that are not funded by external sponsors. In those instances, it is the responsibility of the College to execute those agreements and to review the procedures for adequacy. The Information Security Office can provide assistance in reviewing and auditing SDCPs when data are housed on university computers, and will provide guidance upon request for data housed on non-university owned computers. Inquiries may be sent to firstname.lastname@example.org.
Attached find a copy of the template SDCP that should be used when the data use agreement does not fully articulate the procedures which will be utilized to protect the confidentiality of the data. If you have questions, please contact Dr. Susan Wyatt Sedwick in OSP at email@example.com.
Procedure outlined above by the Vice President for Research
Funded by External Sponsors [Word]