ACF Privacy and Confidentiality Analysis and Support
Revised Case Study Outline
I. Introduction
[Source of section information: Informed by public website, site representatives via interview, community stakeholder, organizations supporting the site, with input from the expert panel and ACF]
Purpose of the Case Study
Should identify the target audience and what they should expect to gain
Overview of the Site
Brief site description summarizing sponsoring organization, types of data that are being shared, and for what purpose(s)
Why this site was chosen as a case study site
Sources of Case Study Information/Who We Interviewed
II. Motivation for Data Sharing
[Source of section information: Informed by public website and site representatives via interview]
Project [Enterprise] Goals
Description of the Problem
Data Sharing as a Solution
Description of key supporters / champions
III. Applicable Data and Requirements
[Source of section information: Informed by public website and site representatives via interview]
Types of data/ data elements that were considered for sharing / shared
What data is being shared at the sector/program level
Laws & regulations relevant to the proposed data
What laws/regulations impact how this data is being shared/general limitations
IV. Enterprise Level - Where it started + where it is now (Elements and order will vary by case study.)
(Consider how each item was conducted before implementation of the data sharing initiative versus how these are accomplished now, where relevant.)
Data elements that were shared
Specific details of PII data elements that are shared
Data Governance Framework
Internal/external users permitted to access data and associated controls
Policy Control
a. Rules for behavior
Internal users/obtaining access and protocols for use
External users/obtaining access and protocols for use
Technical controls
Statistical confidentiality treatments (variable suppression, data coarsening, cell suppression, noise infusion, Differential Privacy, etc.)
Minimum necessary access to minimum necessary elements
Processes for ensuring data quality and consistency
Matching processes
Data documentation
Training
Data Security
System risks/concerns
Risk mitigation strategies
IT functionality that support data security
Transmission requirements
Storage requirements
Discussion of the sharing agreements and high-level discussion on unique issues
How agreements differ across data owners
How agreements differ by type of data use
If/how was transparency achieved
Relevant communications
V. Individual Project Level - Where it started / where it ended
(Individual projects or data users identified through discussion with the site administrator.)
Overview of a specific data-sharing project
Data elements being shared
See above for what else should be covered on a more specific basis
i. Obtaining access
ii. Matching procedures
iii. Statistical confidentiality treatments
iv. Data Security
Access
Transmission
Storage while in use
Deletion after use
D. The Outcome of the Project
VI. Data Privacy and Confidentiality Challenges (series of paragraphs based on challenge)
[Source of section information: Informed by site representatives and community stakeholders via interview]
Issues Raised by Stakeholders (e.g., data owners/data stewards, external, etc.)
Who was part of this discussion/who were the stakeholders?
What were their individual concerns/what issues did they raise?
Did stakeholders cite laws, policies, or local practice as barriers to data sharing?
How was “trust” discussed/described?
Response to each issue raised
Who/what staff were central to resolving issues?
Where did staff go for information to resolve these issues?
What finally resolved the issue?
Timeline for resolving issues
Challenges related to disclosure risk analysis and risk mitigation
VII. Monitoring and Sustainability
[Source of section information: Informed by site representatives via interview]
Statistics on Data Shared/Data Used
Sustainability/ Maintaining Funding
Ongoing Monitoring/ Data Governance Activities
Analyses Conducted Regarding Implementation and/or Outcome
VIII. Lessons Learned and Best Practices
[Source of section information: Informed by site representatives via interview]
Lessons Learned – What Would They Have Done Differently?
Best Practices – What Would They Recommend to Others?
Appendix A. Data Sharing Agreements
Appendix B. Other Site Resources
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | Westat |
File Modified | 0000-00-00 |
File Created | 2024-10-07 |