Attachment C - Privacy

Attachment C

NASS Privacy Impact Assessment

NASS Privacy and Security

Every NASS employee is constantly aware of the critical importance of individuals’ data privacy and security. NASS employees embrace a firm commitment to data privacy security. It is a matter of integrity that is woven into every fiber of the Agency and its people.

The U. S. Code, Title 7 includes a section on "confidentiality of information" that is of considerable importance to NASS. The amended version of Section 2276 (11/97) on confidentiality provides NASS an even stronger legal basis for not revealing an individual respondent's data and now safeguards both Census and other survey data. Each year, every person working for NASS at headquarters and in each of the 46 field offices (whether Federal, State or contract) signs a confidentiality certification stating that survey information must not be compromised. Any offender would receive punishment of up to a $10,000 fine and/or 10 years in prison. The key segment of UNITED STATES CODE, Title 7, Section 2276 follows:

Confidentiality of information.

(a) In the case of information furnished under a provision of law . . . . , neither the Secretary of Agriculture, any other officer or employee of the Department of Agriculture or agency thereof, nor any other person may:

(1) use such information for a purpose other than the development or reporting of aggregate data in a manner such that the identity of the person who supplied such information is not discernible and is not material to the intended use of such information; or

(2) disclose such information to the public, unless such information has been transformed into a statistical or aggregate form that does not allow the identification of the person who supplied particular information.

(b) (1) In carrying out a provision of law . . . . , no department, agency, officer, or employee of the Federal Government, other than the Secretary of Agriculture, shall require a person to furnish a copy of statistical information provided to the Department of Agriculture.

(2) A copy of such information:

(A) shall be immune from mandatory disclosure of any type, including legal process; and

(B) shall not, without the consent of such person be admitted as evidence or used for any purpose in any action, suit, or other judicial or administrative proceeding.

(c) Any person who shall publish, cause to be published, or otherwise publicly release information collected pursuant to a provision of law . . . ., in any manner or for any purpose prohibited in section (a), shall be fined not more than $10,000 or imprisoned for not more than one year, or both.

Only authorized personnel are allowed access to NASS reports before the official release time. As NASS employees work on the 425 reports published each year, security of data and maintaining the privacy of individual reports are top priorities at all times. Every NASS field office and headquarters unit employs strict security procedures when working on reports. Only NASS employees working on a specific report have access to the data, and work areas are limited to those employees involved in the report process. Employees who do not have direct involvement with a specific report are prohibited from accessing the data until they are released to the public.

NASS Privacy and Confidentiality

Names, addresses, and personal identifiers are never revealed nor kept with data. After data collection, NASS transfers the data from the questionnaires into a computer system. The only identifier left with the data is a numeric identification number, used by our State offices for quality control purposes. The actual questionnaires are kept in a secure area, usually for a year, then destroyed. Names, addresses, phone numbers, social security numbers, and employee identification numbers are used only by NASS State offices. This information is never released to anyone outside the agency.

NASS survey and census data never leave NASS facilities. Reported data collected for the NASS annual statistics program and the 5-year census of agriculture never leave NASS. They are not shared with any organizations or individuals - not even other USDA or government agencies. Employees are not allowed to take questionnaires or data listings off-site. Data security and maintaining individual privacy are our top priorities.

Only authorized persons working for NASS as employees or sworn partners, who are subject to fines and imprisonment for unauthorized disclosure, can access NASS data and only for approved statistical purposes. Every person working for NASS signs a confidentiality form which states that no survey information will be compromised. There has never been a breach of trust in NASS history. Any offender would receive punishment of up to a $10,000 fine and/or 10 years in prison.

When NASS collects data for others in a NASS approved statistical study, farmers and ranchers will always be informed about the cooperating sponsor and participation will always be voluntary. When NASS agrees to collect data for selected organizations, such as a university or other government agency, NASS will clearly communicate the name of the sponsoring organization and the purpose of the survey. If we feel the reporting burden is too great or the needs of the agricultural community will not be served by the survey, we will not conduct the survey. Although the data are collected by NASS on behalf of the sponsoring organization, all personal identifiers such as name, address, phone number, etc., are removed. Results of the study are published.

Summary data from all NASS surveys and censuses are available to everyone, but will never disclose individual reported information. NASS releases published data to everyone at the same time. Most reports are available on the Internet within minutes of the scheduled release. Participants in the survey can rest assured that no individual data will be disclosed. For instance, if only one farm produced rice in Pulaski County, Arkansas, then NASS will protect the privacy of that individual farm by not publishing rice data for Pulaski County. Instead, the data would be combined with reports from other counties in the State and published at the aggregate level. No reported data are ever published in a way that would identify an operation.

The specific law addressing data disclosure for NASS employees is UNITED STATES CODE,

Title 18, Section 1905, the key segment of which follows:

Disclosure of confidential information generally. Whoever, being an officer or employee of the United States or of any department or agency thereof, publishes, divulges, discloses, or makes known in any manner or to any extent not authorized by law any information coming to him in the course of his employment or official duties or by reason of any examination or investigation made by, or return, report or record made to or filed with, such department or agency or officer or employee thereof, which information concerns or relates to the trade secrets, processes, operations, style of work, or apparatus, or to the identity, confidential statistical data, amount or source of any income, profits, losses, or expenditures of any person, firm, partnership, corporation, or association; or permits any income return or copy thereof or any book containing any abstract or particulars thereof to be seen or examined by any person except as provided by law; shall be fined not more than $1,000, or imprisoned not more than one year, or both and shall be removed from office or employment.

Access to Unpublished Data

NASS operates under basic confidentiality and data access policies. The periodic censuses of agriculture and NASS sample surveys are conducted under express confidentiality statutes. Survey and census data can be used only for statistical purposes. NASS will uphold the confidentiality pledge while allowing permissible data access for purposes designed to serve the general public and contribute significantly to understanding the agriculture sector.

NASS follows the following set of data access principles.

1. Name , address, and other personal identifier information can never be shared and is not attached to data files.

B. Census of Agriculture and NASS core survey data files can never be used outside of NASS facilities.

C. The first choice in answering an information request is to publish an additional data report or add the information to an existing statistical report.

D. The second choice in answering an information request is for NASS to create special data tabulations which are checked to ensure that no confidential data are being revealed.

E. NASS has established secured Data Lab capabilities within its Headquarters and certain State Statistical Offices. Only NASS employees and people doing work for NASS as sworn employees will have access to data in the Data Lab.

F. USDA agencies, non-regulatory federal statistical agencies, and public educational institutions occasionally may have needs for data analysis that exceed categories C and D. In those cases, the specific individuals may apply for possible sworn employee status.

G. All data requests must specify the purpose as well as data elements and levels of geography needed. NASS will determine if the request is appropriate and in what form it can be fulfilled. Data can only be made available for approved statistical activities.

H. Organizations may sponsor specific data collections or add questions to planned surveys through involvement in the planning process and direct or indirect funding. Government organization and public educational institution sponsors may receive data files if they are clearly identified as sponsors on the survey questionnaire.

I. Sponsorship will not be accepted for an agricultural census, a census follow-on study, any other mandated surveys, or any core NASS program.

10. Only tabulated data sets can be released from a NASS Data Lab; no individual data will be released. All tabulations will be reviewed for non-disclosure compliance before release.

11. All Data Lab certified data sets are publishable data. NASS will develop a procedure which will describe all created data sets and will make them available to the public upon request.

Privacy Act and Freedom of Information Act

The purposes of the Privacy Act of 1974 (Title 5 Section 552a of the U.S. Code) are to safeguard individual privacy by preventing misuse of Federal records and to allow individuals to review and amend records maintained about them by Federal agencies. The Privacy Act covers "systems of records" which contain personal information (such as age, race, sex, social security number, education, employment history, and income) and from which agencies retrieve information by names or other personal identifiers (such as social security number).

Only a few items on the questionnaires for surveys listed above qualify under the Act. The remaining items on these questionnaires, as well as items on all other NASS questionnaires, pertain only to information about the farm business and are excluded from the requirements of the Act.

All survey instruments used by Headquarters Units and State Statistical Offices must be in compliance with the provisions of the Privacy Act. Respondents to surveys which qualify under the Act must be provided with the following information.

(1) Authority for collection of data must be stated on the survey instrument. The authority for NASS data collection is in Title 7 Section 2204(a) of the U.S. Code, the "Organic Act," which describes the general duties of the Secretary of Agriculture to "procure and preserve all information concerning agriculture and rural development which he can obtain...by the collection of statistics...."

(2) The principal purposes for which information is intended to be used must be stated.

(3) All "routine uses" of the data must be identified. Under the Privacy Act "routine use" is defined as use outside the collecting agency (e.g., USDA) for a purpose compatible with the stated purpose for collecting the information. Since individually identifiable data from NASS surveys are not routinely disclosed outside USDA, no routine use statement is required.

(4) Whether reporting by a respondent is mandatory or voluntary, the effects, if any, of not providing all or part of the requested information must be included. Responses are voluntary for all NASS surveys identified as covered by the Act.

(5) Use of social security numbers must be stated. The Privacy Act requires agencies which ask for social security numbers to inform individuals whether "...disclosure is mandatory or voluntary, by what statutory or other authority such number is solicited, and what uses will be made of it." Collection is authorized by Title 7 Section 2204(a) of the U.S. Code, is voluntary, and will be used only within NASS for identification purposes.

All requests based on the Freedom of Information Act or other legal aspects are referred to the Associate Administrator. All NASS Census and survey data are legally exempt from the Freedom of Information Act.

Data Collection

Information collected from individual respondents or objective measurements made in the field for any data collection effort are protected from disclosure under the provisions of U.S. Code Title 18, Section 1905 "Disclosure of Confidential Information," and U.S. Code Title 7, Section 2276 "Confidentiality of Information." This coverage applies regardless of the form in which the information is kept--original paper document, microfilm, microfiche, computer tape, computer disk, electronic data reporting, or any other form.

Every questionnaire used by NASS in the collection of data must include a statement that the data provided by the respondent will be kept confidential. The pledge of confidentiality must be included whether the data are collected by mail, telephone, personal interview, or electronic data reporting. For computer-assisted telephone interviews, the pledge should be a part of the introductory text read to the respondent.

To comply with the Privacy Act of 1974 authority for collection of data must be stated on NASS survey instruments or located under the Security and Privacy button on the web page for any survey that obtains personal information (such as age, race, sex, social security number, education, employment history, and income) and from which NASS can retrieve information by names or other personal identifiers (such as social security number). NASS surveys that currently meet these criteria are: The Census of Agriculture, Agricultural Survey Program, Agricultural Labor Survey, Agricultural Resource Management Study, and List Sampling Frame criteria questionnaires. A statement similar to the following should be placed on the front page of questionnaires mailed to respondents, be read at the beginning of each telephone or face-to-face interview, or put in the appropriate place for web-based surveys along with the confidentiality pledge:

Authority for collection of information on _______ is Title 7, Section 2204 of the U.S. Code. It will be used to compile and publish estimates of _______ for (State) and the United States. Response to this survey is voluntary.

All questionnaires have an introduction or cover letter briefly stating the purpose of the survey, general topics covered, uses of the data, benefits to the respondent, that cooperation is voluntary, and that response is confidential. While the introduction wording may vary, inclusion of the voluntary and confidential response statements is mandatory except for a few documented cases.

Operator Social Security Number and Employer Identification Number will be asked or verified.

Example: Is your Social Security Number and Employer Identification Number printed correctly on the label?

To assist in identifying duplication within our list of farm operators, please report your Social Security Number. If your operation has a Federal Employer Identification Number, this would also be helpful. Disclosure of your Social Security Number is voluntary. It is collected under the general authority of Title 7, Section 2204, of the U.S. Code.

NASS Physical and Computer Security

NASS employs rigorous controls in order to carry out sound security practices. NASS operates under strong confidentiality legislation which protects all data reported to the Agency and legislation which subjects employees to fines and/or prison sentences for violation of confidentiality provisions. All employees must annually re-certify to the regulations. All survey data and summaries are controlled on a strict need-to-know basis and secured when not in use. NASS data networks are firewall and application access controlled and closely audited by security specialists. NASS regularly commissions outside security reviews and corrects any vulnerabilities found in those reviews. Differing levels of physical security are employed, depending on the market sensitivity of particular reports. For the most market sensitive reports, a secured work area has been constructed and reports are finalized only after all outside communications have been disabled and an armed guard is posted to prevent anyone from leaving the area and to admit only authorized personnel.

NASS has programs and policies in place for securing its resources as required by the Government Information Security Reform Act (P.L. 106-398, title X, subtitle G). Those procedures address all major components of information security and apply to all NASS operating components. In addition, NASS is subject to statutory requirements to protect the sensitive information it gathers and maintains on individuals.

NASS computer hardware and software systems and data files are protected by state-of-the-art security technology. They are monitored by security officers and routinely audited. Virus scans are executed on every computer when employees log into the NASS computer network.