Message:
Agencies that release youth data files must make every reasonable effort
to ensure the security and confidentiality of personally identifiable
youth information.
Implication:
Youth data lending-agencies must provide the data recipients with policies,
guidelines, and procedures that define their responsibilities for
data security.
|
The responsibilities of the data-lending agency are to:
- Institute policies, guidelines, and procedures that define the data recipients’
responsibilities for data security both during and after the research
activity.
- When applicable, utilize statistical disclosure limitation techniques
that restrict the amount of information released to the recipient.
- Develop and implement policies and procedures regarding the release of
data files under highly controlled conditions or through restricted
data access measures; recipients must uphold these requirements
and justify their methods for doing so.
- Require data recipients to submit a Privacy Certificate, a written certification
of the policies and procedures that the recipient will utilize
to protect the confidentiality of identifiable youth information
in research and statistical activities; acceptance by the lending
institution results in a legally binding agreement between the
lending agency and the researcher.
- Require data recipients to submit an Information Transfer Agreement prior
to receipt of the requested data. The request for transfer of
information describes the general objectives of the project and
certifies that the recipient will comply with all provisions of
the agreement relative to data access, non-allowances for re-transferring,
re-disseminating or re-publishing information, physical security,
project reporting, and physical destruction of data files after
project completion.
|
