Attachment 2 - Draft Case Study Outline

Attachment 2 - Draft Case Study Outline.docx

Formative Data Collections for ACF Program Support

Attachment 2 - Draft Case Study Outline

OMB: 0970-0531

Document [docx]
Download: docx | pdf

ACF Privacy and Confidentiality Analysis and Support

Revised Case Study Outline



I. Introduction

[Source of section information: Informed by public website, site representatives via interview, community stakeholder, organizations supporting the site, with input from the expert panel and ACF]

  1. Purpose of the Case Study

    1. Should identify the target audience and what they should expect to gain

  2. Overview of the Site

    1. Brief site description summarizing sponsoring organization, types of data that are being shared, and for what purpose(s)

    2. Why this site was chosen as a case study site

  3. Sources of Case Study Information/Who We Interviewed



II. Motivation for Data Sharing

[Source of section information: Informed by public website and site representatives via interview]

  1. Project [Enterprise] Goals

  2. Description of the Problem

  3. Data Sharing as a Solution

  4. Description of key supporters / champions



III. Applicable Data and Requirements

[Source of section information: Informed by public website and site representatives via interview]

  1. Types of data/ data elements that were considered for sharing / shared

    1. What data is being shared at the sector/program level

  2. Laws & regulations relevant to the proposed data

    1. What laws/regulations impact how this data is being shared/general limitations



IV. Enterprise Level - Where it started + where it is now (Elements and order will vary by case study.)

(Consider how each item was conducted before implementation of the data sharing initiative versus how these are accomplished now, where relevant.)

  1. Data elements that were shared

    1. Specific details of PII data elements that are shared

  2. Data Governance Framework

  3. Internal/external users permitted to access data and associated controls

    1. Policy Control

a. Rules for behavior

  • Internal users/obtaining access and protocols for use

  • External users/obtaining access and protocols for use

    1. Technical controls

      1. Statistical confidentiality treatments (variable suppression, data coarsening, cell suppression, noise infusion, Differential Privacy, etc.)

      2. Minimum necessary access to minimum necessary elements

  1. Processes for ensuring data quality and consistency

    1. Matching processes

    2. Data documentation

    3. Training

  2. Data Security

    1. System risks/concerns

    2. Risk mitigation strategies

    3. IT functionality that support data security

    4. Transmission requirements

    5. Storage requirements

  3. Discussion of the sharing agreements and high-level discussion on unique issues

    1. How agreements differ across data owners

    2. How agreements differ by type of data use

  4. If/how was transparency achieved

    1. Relevant communications



V. Individual Project Level - Where it started / where it ended

(Individual projects or data users identified through discussion with the site administrator.)

  1. Overview of a specific data-sharing project

  2. Data elements being shared

  3. See above for what else should be covered on a more specific basis

i. Obtaining access

ii. Matching procedures

iii. Statistical confidentiality treatments

iv. Data Security

  • Access

  • Transmission

  • Storage while in use

  • Deletion after use

D. The Outcome of the Project



VI. Data Privacy and Confidentiality Challenges (series of paragraphs based on challenge)

[Source of section information: Informed by site representatives and community stakeholders via interview]

  1. Issues Raised by Stakeholders (e.g., data owners/data stewards, external, etc.)

    1. Who was part of this discussion/who were the stakeholders?

    2. What were their individual concerns/what issues did they raise?

    3. Did stakeholders cite laws, policies, or local practice as barriers to data sharing?

    4. How was “trust” discussed/described?

  2. Response to each issue raised

    1. Who/what staff were central to resolving issues?

    2. Where did staff go for information to resolve these issues?

    3. What finally resolved the issue?

  3. Timeline for resolving issues

  4. Challenges related to disclosure risk analysis and risk mitigation



VII. Monitoring and Sustainability

[Source of section information: Informed by site representatives via interview]

  1. Statistics on Data Shared/Data Used

  2. Sustainability/ Maintaining Funding

  3. Ongoing Monitoring/ Data Governance Activities

  4. Analyses Conducted Regarding Implementation and/or Outcome



VIII. Lessons Learned and Best Practices

[Source of section information: Informed by site representatives via interview]

  1. Lessons Learned – What Would They Have Done Differently?

  2. Best Practices – What Would They Recommend to Others?

Appendix A. Data Sharing Agreements

Appendix B. Other Site Resources

4


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
AuthorWestat
File Modified0000-00-00
File Created2024-10-07

© 2024 OMB.report | Privacy Policy