Confidentiality


On December 23, 1999, the Parliament of the Republic of Lithuania passed the Law on Statistics, which defines confidential statistical data and sets out the principles of statistical data protection, dissemination, etc. Official statistical data shall be considered confidential and protected in accordance with the procedure established by law if the respondent on whom, or on whose activity results, the primary information has been collected may be directly or indirectly identified from that official statistical data. According to this law, all statistical data collected for official statistical users must be used only for the preparation of statistical information and nothing else.

On July 17, 1999, the Parliament of the Republic of Lithuania passed the Personal Data Act, which regulates the protection of personal data. Several acts define the data protection requirements for governmental authorities in Lithuania. There is also a Data Protection Inspectorate in Lithuania, which supervises compliance with the Personal Data Act and other data protection acts and regulations in Lithuania.

On June 15, 2000, the Parliament of the Republic of Lithuania passed the Law on Administrative Code with an additional article that defines liability for revealing confidential statistical data. The article provides for a monetary penalty.

The gist of the principles of Statistics Lithuania is that 3 levels of security and confidentiality have been developed: physical, legal and technological. Each level comprises a whole set of means and documents that ensure data security and statistical confidentiality.

Statistics Lithuania has a Data Security and Confidentiality Service, which is responsible for data security at all levels: physical, legal and technological. The service consists of seven employees.

The following internal documents regulate data protection in the office:

  • Annual confidential statistical data protection means plan;

  • Data protection on the networks;

  • Confidential statistical data protection order on physical level;

  • Persistence routine rules;

  • Rules for internal network;

  • Confidentiality rules for Population and Housing Census 2001;

  • Specific regulations on statistical confidentiality.

All questionnaires include a note guaranteeing data security and confidentiality.

All employees who work with confidential data sign a deed of covenant.

Each document is a very important part of the data security system, especially the Specific regulations on statistical confidentiality. These regulations define the principles of confidentiality more exactly than our laws do. They describe the following confidentiality methods and means:

1. Methods used for tabular data:

  • Geographical thresholds – limiting geographical detail by releasing data only for areas above a particular spatial or population threshold.

  • Minimum of 3 respondents in a survey – threshold rule under which a cell in the table is defined as sensitive if the number of respondents is less than 3.

  • If the threshold is not achieved, we apply cell suppression.

  • Rounding – rounding to the top/bottom value marginal rule.

  • (n,k) rule – regardless of the number of respondents in a cell, if a small number (n or fewer) of these respondents contribute a large percentage (k percent or more) of the total cell value, then the so-called n respondent, k percent rule of cell dominance defines this cell as sensitive (only for data concerning enterprises). We defined the following values: when n=1, k=70%; when n=2, k=85%.

  • Recoding – recoding variables into broader categories to reduce detail. (only for data concerning enterprises)
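The threshold rule and the (n,k) dominance rule above can be checked cell by cell. The following is an added example, not code from Statistics Lithuania; the function names and the sample table are constructed, and only the values 3, n=1/k=70% and n=2/k=85% come from this page.

```python
# Added example: primary sensitivity check for table cells, using the
# thresholds quoted on this page. Names and sample data are constructed.

MIN_RESPONDENTS = 3                    # cell is sensitive below this count
DOMINANCE_RULES = {1: 70.0, 2: 85.0}   # n -> k percent (enterprise data only)


def cell_sensitivity(contributions, enterprise=True):
    """Return the rules that mark this cell sensitive (empty list = publishable).

    contributions: non-negative values, one per respondent in the cell.
    """
    reasons = []
    if len(contributions) < MIN_RESPONDENTS:
        reasons.append("threshold")
    total = sum(contributions)
    if enterprise and total > 0:
        ranked = sorted(contributions, reverse=True)
        for n, k in sorted(DOMINANCE_RULES.items()):
            # Share of the cell total held by the n largest contributors.
            share = 100.0 * sum(ranked[:n]) / total
            if share >= k:
                reasons.append(f"dominance(n={n},k={k:g}%)")
    return reasons


def suppress_table(table, enterprise=True):
    """Replace the total of every sensitive cell by None (cell suppression)."""
    return {
        cell: None if cell_sensitivity(values, enterprise) else sum(values)
        for cell, values in table.items()
    }


# Constructed sample: turnover per enterprise, keyed by (region, industry).
SAMPLE = {
    ("A", "retail"): [120, 95, 80, 60, 45],   # many similar contributors
    ("A", "mining"): [900, 40],               # fewer than 3 respondents
    ("B", "retail"): [700, 100, 90, 60, 50],  # largest holds 70% of 1000
    ("B", "mining"): [450, 420, 50, 40, 40],  # two largest hold 87% of 1000
}

if __name__ == "__main__":
    for cell, values in SAMPLE.items():
        print(cell, cell_sensitivity(values) or "publishable")
    print(suppress_table(SAMPLE))
```

If row or column totals are published alongside the cells, a single suppressed cell can be recomputed by subtraction, so primary suppression of this kind is normally followed by a check of the margins.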

2. Methods used for micro data:

  • Geographical thresholds – limiting geographical detail by releasing data only for areas above a particular spatial or population threshold.

  • Top and bottom coding – setting top-codes and/or bottom-codes on continuous variables. A top-code for a variable is an upper limit on all published values of that variable. Any value greater than this upper limit is not published on the micro data file. Similarly, a bottom-code is a lower limit on all published values for a variable.

  • Sampling – releasing only a small proportion of the original data as a micro data file.

  • Recoding – recoding variables into broader categories to reduce detail.

  • Deletion of especially sensitive records or items – in micro data files, certain statistical units may be particularly sensitive. These may be excluded or deleted from the micro data file to be released.

  • Micro aggregation – records are grouped based on a proximity measure of all variables of interest, and the same groups of records are used in calculating aggregates for those variables.
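Top and bottom coding and micro aggregation from the list above, applied to one continuous variable. This is an added example, not code from Statistics Lithuania; it simplifies micro aggregation to a single variable, and the limits (20 and 300), the group size (3) and the sample values are assumptions.

```python
# Added example: top/bottom coding and single-variable micro aggregation on a
# constructed micro data column. Limits and group size are assumptions.


def top_bottom_code(values, bottom, top):
    """Clamp every value into [bottom, top] so no extreme value is published."""
    return [min(max(v, bottom), top) for v in values]


def microaggregate(values, group_size=3):
    """Replace each value by the mean of its group of nearest values.

    Records are sorted by value (the proximity measure for one variable) and
    cut into consecutive groups of group_size. A short final group is merged
    into the previous one, so no group is smaller than group_size.
    The result is returned in the original record order.
    """
    order = sorted(range(len(values)), key=lambda i: values[i])
    groups = [order[i:i + group_size] for i in range(0, len(order), group_size)]
    if len(groups) > 1 and len(groups[-1]) < group_size:
        groups[-2].extend(groups.pop())
    result = [None] * len(values)
    for group in groups:
        mean = sum(values[i] for i in group) / len(group)
        for i in group:
            result[i] = mean
    return result


def smallest_group(published):
    """Size of the smallest set of records sharing one published value."""
    counts = {}
    for v in published:
        counts[v] = counts.get(v, 0) + 1
    return min(counts.values())


# Constructed sample: one income-like variable for eight records.
INCOME = [310, 18, 42, 39, 45, 2500, 37, 41]

if __name__ == "__main__":
    coded = top_bottom_code(INCOME, bottom=20, top=300)
    released = microaggregate(coded, group_size=3)
    print(coded)
    print(released, "smallest group:", smallest_group(released))
```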

Physical security means have been implemented according to "Confidential statistical data protection order on physical level".

By technological data protection means we mean hardware and software means. Technological data protection means have been implemented according to the document "Data protection on the networks".

Personal data received during the Population and Housing Census are mostly very sensitive. Because of that, special security measures have to be applied to protect these data. All the data protection means and methods mentioned above have to be applied, but for the Population and Housing Census data even more security means are applied.

Special data confidentiality rules for Population and Housing Census 2001 are prepared. These rules cover all stages of the Census: collection of questionnaires, scanning of questionnaires, data processing, dissemination of statistical information, and storage of questionnaires. All stages include data protection requirements.

All Census workers had to sign a deed of covenant that they will not reveal any confidential data.

When premises were prepared for the Census, as an additional measure all doors to rooms where the questionnaires are stored had to be strong, with secure locks and a seal mechanism. Near the entrance to the area, and near every door in the area where Census data are processed, there are electronic system terminals, which identify every employee. The system admits only authorized personnel.

Netware, computers and servers for census data processing are logically separated from other local Netware. All hardware and software used for data processing are certified. Floppy disk drives and compact disk players were removed from all computers used for census data processing. Access to printers was forbidden. Passwords to computers and databases are changed every month. Every census data operator’s activity is registered on the server and can be monitored. It was forbidden to use portable computers to process census data. When databases were prepared for processing, name, surname and personal number were removed from the micro data to avoid direct identification of persons.

All these additional data protection measures were applied to ensure the confidentiality of the Population and Housing Census data more effectively.

Document updated: 2008 11 09