Confidentiality and Security Guidelines
2020 Census Local Update of Census Addresses Operation (LUCA)
Form D-2004
OMB Control No. XXXX- XXXX Month 20XX
Federal law, under Title 13 of the United States Code (U.S.C.), requires the U.S. Census Bureau to maintain the confidentiality of the information it collects. The Census Bureau takes this responsibility very seriously. Respondents place their trust in the Census Bureau each time they complete a survey or an interview. This trust in confidentiality is critical to the success of the Census Bureau’s mission to collect and report the most accurate data possible. To uphold the law, the Census Bureau requires that any individuals with access to Title 13 materials adhere to the prescribed confidentiality and security guidelines.
Chapter 1, Section 9 of Title 13, U.S. Code states: “Neither the Secretary, nor any other officer or employee of the Department of Commerce or bureau or agency thereof, or local government census liaison, may, except as provided in section 8 or 16 or chapter 10 of this title….
1) use the information furnished under the provisions of this title for any purpose other than the statistical purposes for which it is supplied; or
2) make any publication whereby the data furnished by any particular establishment or individual under this title can be identified; or
3) permit anyone other than the sworn officers and employees of the Department or bureau or agency thereof to examine the individual reports.”
In 1994, under Public Law 103-430, the U.S. Congress amended Chapter 1 of Title 13 to allow the local government census liaison to review and update the Census Bureau’s address information for their jurisdiction. Although the amendment allows official local government access, the amendment reaffirmed the confidential nature of the Census Bureau’s address information. Census information protected under Title 13 includes:
• Everything on a completed or partially completed questionnaire or any information obtained in a personal or telephone interview;
• Individual addresses maintained by the Census Bureau, including those shared with governments through the 2020 Census Local Update of Census Addresses Operation (LUCA); and
• Digital or paper maps with latitude/longitude coordinate data that identify the location of living quarters (structure points).
The penalty for the wrongful disclosure or release of information protected by Title 13 is a fine of not more than $250,000 or imprisonment for not more than 5 years, or both, as set by Section 214 of the Code and the Uniform Sentencing Act of 1984.
Title 13 U.S.C. does not apply to generalized address information, such as address range data available in the Census Bureau’s digital products or address counts by census block.
To participate in LUCA, a government must designate a LUCA liaison. The LUCA liaison, LUCA reviewers, and anyone with access to Title 13 materials must sign the Confidentiality Agreement. The Census Bureau will not deliver LUCA materials to a participant until we have received the completed and signed Confidentiality Agreement and the Confidentiality and Security Checklist.
The Census Bureau’s Title 13 data, including addresses and latitude/longitude coordinate data (structure points), cannot be used to create, update, nor modify a tribal, state, or local jurisdiction’s address list or database.
A signature on the Confidentiality Agreement constitutes a legal agreement by each individual to keep confidential Census Bureau Title 13 data and abide by the security guidelines outlined below. While access to Title 13 materials is temporary, the commitment to keep the information confidential is effective for a lifetime.
The LUCA liaison accepts the responsibility for protecting and safeguarding the LUCA materials. The liaison must restrict access to the Census Bureau’s information covered under Title 13 to those individuals who have signed the Confidentiality Agreement.
Operating systems, programs, applications, and data are collectively referred to as Information Technology (IT) systems in this document. Any IT systems used for LUCA participation must be accessible only to those who have signed the Confidentiality Agreement. Your IT systems should restrict the read, write, and delete functions to all Title 13 materials.
DIGITAL GUIDELINES
Construct electronic security profiles to allow only the LUCA liaison and the LUCA reviewers to access Title 13 materials. Test your security to ensure that access is restricted.
Use file encryption and passwords to protect all digital Title 13 materials at all times. Encrypt files using the Advanced Encryption Standard (AES) with key length of 256 bits.
Do not leave computers with Title 13 materials unattended. Log-off computers, lock terminals, and lock the room when not in use.
Label all digital media and every printed page of any paper materials produced from Title 13 digital media with the following:
“This document contains information, the release of which is prohibited by Title 13,
U.S.C., and is for U.S. Census Bureau official use only. Wrongful disclosure or release of information can be punished by fine or imprisonment (Public Law 99-474).”
Do not send backup digital media off-site. Store in a secured area. Do not mix, store, or back-up LUCA data with other data.
Clear dedicated digital media containing Title 13 materials before reuse. Overwrite Title 13 digital data minimally three times using a commercial disk utility program.
Do not disclose precise or even anecdotal information about Census Bureau addresses or locations to anyone who has not signed the Confidentiality Agreement.
PASSWORD GUIDELINES
The IT systems must use logon routines that require a user-ID and password that conform to the following guidelines:
Unique user-ID and password required for the LUCA liaison, the LUCA reviewers, and anyone who has signed the Confidentiality Agreement;
Must consist of at least twelve, nonblank characters consisting of at least one alphabet letter and either one number or one special character (for example: $,*, or &);
Reject passwords that are the same as the user-ID or that have been used within the last six months;
Encrypt passwords;
Disable passwords after three failed attempts;
Mask passwords;
Require password changes every 90 days or immediately, if compromised; and
Require user to change an assigned password to a unique password the first time the user accesses a new account.
Do not leave Title 13 materials unattended. Secure all Title 13 materials in a locked room. If possible, store Title 13 materials in locked desks or cabinets.
Copy only the Title 13 materials necessary to complete the LUCA review. Do not leave the copy machine unattended while making copies. All copied materials containing Title 13 information must bear the statement:
“This document contains information, the release of which is prohibited by Title 13, U.S.C.,
and is for U.S. Census Bureau official use only. Wrongful disclosure or release of information
can be punished by fine or imprisonment (Public Law 99-474).”
Do not disclose precise or even anecdotal information about Census Bureau addresses or locations to anyone who has not signed the Confidentiality Agreement.
If you discover that any Title 13 materials have been viewed by unauthorized persons or are missing from your inventory, you must:
Contact the Census Bureau through the Census Incident Response Team (CIRT) at (301) 763-3333 within 24 hours. You must provide the following information:
Jurisdiction Name;
Date and time of the incident;
Name of the contact person;
Phone number of contact person; and
Site address of incident.
Immediately secure all remaining materials. Prohibit any further access, by anyone, including the LUCA liaison and anyone who signed the Confidentiality Agreement. Census Bureau staff will contact your office within 48 hours with information on how to proceed.
The Census Bureau may make an on-site visit to review a participant’s security procedures. The Census Bureau will strive not to disrupt office operations. A visit may include a review of:
Storage and handling of Title 13 materials;
Employee access to Title 13 materials;
Physical safeguard of stored Title 13 materials;
IT Systems, including use of passwords; and
Employee awareness of their responsibilities to Title 13 materials.
After the entire LUCA operation has concluded, all Title 13 materials must be destroyed (preferred method) or returned according to the Census Bureau’s specific guidelines.
The LUCA liaison is required to verify the destruction or return of any Title 13 materials, both paper and digital, including all paper copies, backup files, etc., by signing and returning the Destruction or Return of Title 13, U.S.C. Materials form. In addition, anyone who signed the Confidentiality Agreement is required to sign this form once their participation in LUCA has ended. Should any liaison, reviewer, or anyone who signed the Confidentiality Agreement leave before the completion of LUCA, they must sign and date this form. If any liaison, reviewer, or anyone who signed the Confidentiality Agreement is unable to sign and date the form, the current liaison must sign and date on their behalf.
Only individuals who signed the Confidentiality Agreement are permitted to destroy Title 13 materials:
Never deposit Title 13 materials in a trash, recycle container, or dispose of information in a landfill before destruction procedures are completed; and
Destruction must prevent recognition or reconstruction of paper or digital Title 13 materials. Use one of the following methods:
Shredding or pulping;
Chemical decomposition;
Pulverizing (such as, hammer mills, choppers, etc.);
Burning (facility approved by the Environmental Protection Agency);
Clear dedicated digital media containing Title 13 materials before reuse. Overwrite Title 13 digital data minimally three times using a commercial disk utility program;
Clearing or sanitizing all print servers and multi-function printing or scanning devices with stored images or print files containing Title 13 data; and
Destroying CDs and DVDs using a shredder or other method suitable for rendering them un-usable.
Note: Hand tearing is an unacceptable method of disposal before destruction.
See the National Institute of Standards and Technology, Special Publication 800-88, Revision 1, Guidelines for Media Sanitization for further information on acceptable methods for digital media and office equipment sanitization. <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf
After the entire LUCA operation has concluded, all Title 13 materials must be destroyed (preferred method) or returned according to the Census Bureau’s specific guidelines. If you decide to return the Title 13 materials rather than destroying them, follow these guidelines:
Ship the Title 13 materials, double-wrapping them by using an inner and an outer envelope (or container), one within the other. These should be durable enough to prevent someone from viewing or tampering with the enclosed material.
Label both sides of the inner envelope (or container) with the notice:
“DISCLOSURE PROHIBITED BY Title 13, U.S.C.”
INNER ENVELOPE OUTER ENVELOPE
DISCLOSURE PROHIBITED
BY Title 13, U.S.C.
(on both sides)
Address the outer envelope to: ATTN: Geography LUCA
National Processing Center
BLDG 63-E
1201 East 10th Street
Jeffersonville, IN 47132
DO NOT label the outer envelope with the “DISCLOSURE PROHIBITED BY Title 13, U.S.C.” notice.
Ship using a service that provides tracking information, such as U.S. Postal Service trackable delivery, FedEx, United Parcel Service (UPS), or similar service.
File Type | application/msword |
File Modified | 0000-00-00 |
File Created | 0000-00-00 |