Date: July 8, 2010
From: Juan M. Sanchez, Vice President for Research
RE: Data Use Agreements
The Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA) established uniform policy for confidentiality protection of statistical information collections sponsored or conducted by more than 70 Federal agencies. Data sharing among specified agencies (Bureaus of Economic Analysis, Labor Statistics and Census) to include identifiable data for statistical purposes is authorized and encouraged. Information that can be used to distinguish or track an individual’s identity such as name, Social Security Number, or biometric information as well as information that could be used in conjunction with other data elements to reasonably infer the identity of a respondent such as a combination of gender, race, date of birth, geographic indicators, or other descriptors is protected. Special procedures are required for use of laptop computers, PDAs, zip drives, floppy disks, CD-ROMs or any other IT devices.
As a result, data use agreements have become more stringent and usually require written plans documenting the procedures that will be utilized to protect covered information and data use agreements require execution by a person with authority to sign agreements on behalf of the university. The Office of Sponsored Projecsts (OSP) has developed a template Sensitive Data Protection Plan (SDCP) form to assist recipients of these data to articulate the procedures that will be followed. OSP works with the Information Security Office in reviewing and auditing SDCPs when data are housed on university computers, and will provide guidance upon request for data housed on non-university owned computers e.g. student owned computers utilized for student projects. OSP has also worked with many college and research center offices including TACC to develop template procedures to expedite the process.
If you have questions, please contact Dr. Susan Wyatt Sedwick in OSP at firstname.lastname@example.org.