Attachment 2 - Draft Case Study Outline

Attachment 2 - Draft Case Study Outline.docx

Formative Data Collections for ACF Program Support

Attachment 2 - Draft Case Study Outline

OMB: 0970-0531

⚠️ Notice: This form may be outdated. More recent filings and information on OMB 0970-0531 can be found here:

2024-03-05 - No material or nonsubstantive change to a currently approved collection
2024-01-25 - No material or nonsubstantive change to a currently approved collection

Document [docx]

Download: docx | pdf

ACF Privacy and Confidentiality Analysis and Support

Revised Case Study Outline

I. Introduction

[Source of section information: Informed by public website, site representatives via interview, community stakeholder, organizations supporting the site, with input from the expert panel and ACF]

Purpose of the Case Study
1. Should identify the target audience and what they should expect to gain
Overview of the Site
1. Brief site description summarizing sponsoring organization, types of data that are being shared, and for what purpose(s)
2. Why this site was chosen as a case study site
Sources of Case Study Information/Who We Interviewed

II. Motivation for Data Sharing

[Source of section information: Informed by public website and site representatives via interview]

Project [Enterprise] Goals
Description of the Problem
Data Sharing as a Solution
Description of key supporters / champions

III. Applicable Data and Requirements

[Source of section information: Informed by public website and site representatives via interview]

Types of data/ data elements that were considered for sharing / shared
1. What data is being shared at the sector/program level
Laws & regulations relevant to the proposed data
1. What laws/regulations impact how this data is being shared/general limitations

IV. Enterprise Level - Where it started + where it is now (Elements and order will vary by case study.)

(Consider how each item was conducted before implementation of the data sharing initiative versus how these are accomplished now, where relevant.)

Data elements that were shared
1. Specific details of PII data elements that are shared
Data Governance Framework
Internal/external users permitted to access data and associated controls
1. Policy Control

a. Rules for behavior

Internal users/obtaining access and protocols for use
External users/obtaining access and protocols for use

Technical controls
1. Statistical confidentiality treatments (variable suppression, data coarsening, cell suppression, noise infusion, Differential Privacy, etc.)
2. Minimum necessary access to minimum necessary elements

Processes for ensuring data quality and consistency
1. Matching processes
2. Data documentation
3. Training
Data Security
1. System risks/concerns
2. Risk mitigation strategies
3. IT functionality that support data security
4. Transmission requirements
5. Storage requirements
Discussion of the sharing agreements and high-level discussion on unique issues
1. How agreements differ across data owners
2. How agreements differ by type of data use
If/how was transparency achieved
1. Relevant communications

V. Individual Project Level - Where it started / where it ended

(Individual projects or data users identified through discussion with the site administrator.)

Overview of a specific data-sharing project
Data elements being shared
See above for what else should be covered on a more specific basis

i. Obtaining access

ii. Matching procedures

iii. Statistical confidentiality treatments

iv. Data Security

Access
Transmission
Storage while in use
Deletion after use

D. The Outcome of the Project

VI. Data Privacy and Confidentiality Challenges (series of paragraphs based on challenge)

[Source of section information: Informed by site representatives and community stakeholders via interview]

Issues Raised by Stakeholders (e.g., data owners/data stewards, external, etc.)
1. Who was part of this discussion/who were the stakeholders?
2. What were their individual concerns/what issues did they raise?
3. Did stakeholders cite laws, policies, or local practice as barriers to data sharing?
4. How was “trust” discussed/described?
Response to each issue raised
1. Who/what staff were central to resolving issues?
2. Where did staff go for information to resolve these issues?
3. What finally resolved the issue?
Timeline for resolving issues
Challenges related to disclosure risk analysis and risk mitigation

VII. Monitoring and Sustainability

[Source of section information: Informed by site representatives via interview]

Statistics on Data Shared/Data Used
Sustainability/ Maintaining Funding
Ongoing Monitoring/ Data Governance Activities
Analyses Conducted Regarding Implementation and/or Outcome

VIII. Lessons Learned and Best Practices

[Source of section information: Informed by site representatives via interview]

Lessons Learned – What Would They Have Done Differently?
Best Practices – What Would They Recommend to Others?

Appendix A. Data Sharing Agreements

Appendix B. Other Site Resources

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	Westat
File Modified	0000-00-00
File Created	2022-01-07