Download: docx | pdf

EMPLOYEE OR CONTRACTOR’S ASSURANCE OF CONFIDENTIALITY

Statement of Policy

Westat is firmly committed to the principle that information, especially sensitive or personal information, must be protected. This principle holds whether or not any specific security or confidentiality guarantee was given or whether or not there are specific contractual obligations to the client. When guarantees have been given or contractual obligations regarding information security have been entered into, they may impose additional requirements which are to be adhered to strictly.

Procedures for Maintaining Confidentiality

All Westat employees and contractors shall sign this assurance of confidentiality. This assurance may be superseded by another assurance for a particular project. Everyone shall keep completely confidential any information in identifiable form or personally identifying information, all information or opinions collected in the course of their work, and any such information learned incidentally. Everyone must exercise reasonable caution to prevent access by others to sensitive information in their possession.

Unless specifically instructed otherwise for a particular project, an employee or contractor, upon encountering a respondent or information pertaining to a respondent that s/he knows personally, shall immediately terminate the activity and contact her/his supervisor for instructions.

Information containing personal identifiers in Westat offices shall be kept in a locked container or a locked room when not being used each working day in routine activities. Reasonable caution shall be exercised in limiting access to such information to only those persons who have a need to know and who meet the applicable access requirements for that project. Where information has been determined to be particularly sensitive, that information shall be kept in locked containers or in a locked room except when actually being used by an individual who has signed this pledge.

Ordinarily, serial numbers shall be assigned to respondents prior to creating a machine-processible record and identifiers such as name, address, and Social Security number shall not ordinarily, be a part of the machine record. When identifiers are part of the machine data record, Westat’s Manager of Data Processing shall be responsible for determining adequate confidentiality measures in consultation with the project director. When a separate file is set up containing identifiers or linkage information which could be used to identify data records, this separate file shall be kept locked up when not actually being used each day in routine survey activities.

When sensitive information is to be given into the keeping of another party, the other party shall be informed of these procedures and shall sign an Assurance of Confidentiality form.

Each project director shall be responsible for ensuring that all personnel and contractors involved in handling information on a project are instructed in these procedures throughout the period of performance. When there are specific contractual obligations to the client regarding confidentiality, the project director shall develop additional procedures to comply with these obligations and shall instruct Westat staff, contractors, consultants, and any other persons who work on the project in

these additional procedures. At the end of the period of performance, the project director shall arrange for proper storage or disposition of information including any particular contractual requirements for storage or disposition. When required to turn over survey data to our clients, projects must provide proper safeguards to ensure confidentiality up to the time of delivery.

Project directors shall ensure that information management practices adhere to the provisions of the

U.S. Privacy Act of 1974, the Federal Information Security Management Act (FISMA), the Health Insurance Portability and Accountability Act, and other applicable laws, regulations, and policies when information is gathered, processed, or stored for the Federal Government. Project directors must ensure that procedures are established that comply with contractual requirements. Project staff, contractors, consultants, and other persons who work on the project are required to follow the established procedures, Westat policies, and applicable contractual and legal requirements. Failure to follow these procedures, policies, and requirements may result in sanctions up to and including dismissal or legal action. Unauthorized use or disclosure of information may result in civil or criminal penalties.

Pledge

I hereby certify that I have carefully read and will cooperate fully with the above procedures. I will keep completely confidential all sensitive information to which I gain access. I will not discuss, disclose, disseminate, or provide access to any information except as authorized by Westat. In addition, I will comply with any additional procedures established by Westat for a particular contract. I will devote my best efforts to ensure that there is compliance with the required procedures by personnel whom I supervise. I understand that violation of this pledge is sufficient grounds for disciplinary action, including dismissal. I also understand that violation of the privacy rights of individuals through such unauthorized discussion, disclosure, dissemination, or access may make me subject to civil or criminal penalties. I give my personal pledge that I shall abide by this assurance of confidentiality.

Signature Print Name Date

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	Carolyn Gatling
File Modified	0000-00-00
File Created	2021-01-24