• Share this page to Facebook
  • Share this page to Twitter
  • Share this page to Google+
Microdata access guidelines

Stats NZ staff, secondees, and contractors use Microdata access guidelines to apply the information privacy, security, and confidentiality policy to microdata access.

Context

Microdata is data about individual people, households, or organisations. It may also be data about other characteristics of New Zealand such as geographical data. Stats NZ provides safe access to microdata (data about specific people, households, or businesses) to enable research and analysis that benefits New Zealand.

As well as microdata for single sources, Stats NZ has two large integrated research databases of microdata. The Integrated Data Infrastructure (IDI) which contains microdata about people and households and the Longitudinal Business Database (LBD) which complements the IDI with microdata about businesses.

Microdata is a level of data that creates a risk of recognition/identification of individual people, households or organisations and as such must be managed carefully to protect against this risk. These guidelines must be followed when providing any access to microdata to individuals who are not employed by Stats NZ. They also apply to internal Stats NZ staff accessing sensitive microdata especially in the IDI and LBD, although generally internal staff access to microdata is covered by our security access policy.

Public willingness to provide information is central to achieving our goals, and is enabled by the high level of trust and confidence in the way we secure our information. We must be mindful of public expectations about privacy, security, and confidentiality in order to maintain this critical level of trust and confidence. We are committed to ensuring our policies and processes for the collection, use, storage, security, and disposal of personal and other confidential information, and the technology we use to support our processes, not only comply with all relevant legislation and statistical principles and protocols, but also meet public expectations, and are effectively implemented.

You might also be interested in our policy and guidelines aimed at protecting against the potential harm posed from the most at-risk data we hold:

Principles we apply for microdata access

We consider the five safe principles for access to microdata, an internationally recognised framework that summarises the key components that need to be considered to ensure risks associated with microdata access are appropriately assessed and managed:

  • Safe people – ensure researchers have the skills and experience necessary to work with microdata, and that the researchers can be trusted to use the data appropriately and follow procedures.
  • Safe projects – ensure applications have a research, analytical, or statistical purpose and are in relation to a matter of public interest. The data requested should be able to answer the research questions and confidentiality risks adequately mitigated.
  • Safe data – ensure that microdata is de-identified and researchers are only provided with access to the data they need, and only for the time agreed. 
  • Safe settings – ensure that Stats NZ’s Data Labs, remote Data Labs, and virtual private networks, are assessed and regularly audited to ensure that they adequately protect against unauthorised access to the data.
  • Safe outputs – ensure that there will be no confidentiality concerns with the proposed outputs.

Process for assessing microdata access

All applications to access microdata are centrally coordinated by Integrated Data (contact access2microdata@stats.govt.nz).

See figure 1 for summary of advice to applicants.

Figure 1

Image, Issues when preparing your Data Lab application.

Risk assessment based on the five safe principles

The team undertakes a risk assessment on each application based on the five safe principles.

Applying the five safes

To apply the five safes principles, members of the Integrated Data team ensure:

  • Stats NZ has an accurate record of who is accessing microdata, where, and for what (safe settings)
  • researcher accesses and tools are set-up, maintained, and audited (safe settings)
  • researchers have the skills and experience necessary to work with microdata (safe people)
  • applications to establish remote microdata access sites are assessed (safe settings). This is done with the assistance of the security team
  • applications to access microdata are processed within the published timeframe. Note: applications that request new data linking projects must first follow Data integration guidelines 
  • agencies and researchers are invoiced according to the current charge-out rates (as advertised on Stats NZ’s website) 
  • the delegated approver is provided with a summary of the benefits and risks of the proposed research, as gathered during the assessment stage below.

Assessment

Stats NZ staff assess applications to access microdata in a two-phased approach.

1. Advice phase

  • Subject matter area(s) as applicable – ensure the data requested is able to answer the research objectives (safe projects) 
  • Statistical Methods – ensure there are no confidentiality concerns (safe data, safe outputs). Stats NZ has no view on the analysis itself but may offer advice on methods where we have appropriate knowledge that can help researchers
  • Legal Counsel – ensures there is a public interest benefit to the research, and that the research complies with the Statistics Act (safe projects).

Where Stats NZ is the custodian of other agencies’ data, the other agency may request that they also have a say in the assessment process. Inland Revenue and the Ministry of Health are two examples (safe projects).

Based on the five safe principles, the resulting assessment will be either green for go, amber for check, or red for stop, see figure 1.

2. Final approval – delegations

Final approval of applications to access microdata is at the discretion of the Government Statistician or the person delegated by the Government Statistician to approve these applications.

Once the application for microdata access is approved, the researchers must sign a secrecy declaration (witnessed by Stats NZ employees) and follow directions outlined in an agreement relating to microdata access.

Other considerations for microdata access

Ethics committee approval

In some cases, research projects will require the approval of the external ethics committee. (Access to health data, for example, requires approval from the Health and Disability Ethics Committee). This should be organised by the researcher before they submit their application to access the microdata.

Integrated data – privacy and confidentiality impact assessment

Where applicants seek to integrate additional data sources they need to present a privacy and confidentiality impact assessment, with guidance from the senior advisor, strategy, performance and privacy. The assessment should be organised by the applicant before starting the microdata access process, and signed off before starting the microdata access application process.

Business tax data access

Inland Revenue business tax data is only available for government use, as specified in the Memorandum of Understanding between Stats NZ and Inland Revenue.

Consent required to identify service providers

Applications requesting access to microdata for programme evaluations that intend to identify service providers require additional approvals. Each provider must give their written consent to the use of their data for this purpose. This consent may have been agreed in the original contract to provide the service – in which case, no further consent from the provider(s) is needed. Also, each supplier whose data will be used in the evaluation, must give their written consent for their data to be used in the evaluation.

top

Definitions

anonymized
Term most commonly used to refer to data from which direct identifiers have been removed (de-identified data) but is sometimes used to refer to confidentialised data. It is not a term used in these guidelines.

availability
Ensuring authorised users, including staff, contractors, and researchers, can access data and information for authorised purposes at the time they need to do so.

confidential information
Data and information about a person, household, iwi, or organisation that we should not disclose to people who are not authorised to have access to it. Confidential information may be obtained from respondents, other organisations, customers, staff, or other people we deal with. Confidential information also includes embargoed releases and Stats NZ operational information that is not already publicly available.

Note: ‘confidential’ is a classification used by the New Zealand Government in its classification system for information pertaining to national security. Stats NZ does not hold or store any information classified confidential or any other information pertaining to national security, therefore we use the common English definition of confidential. For further information about the government information classification system, see Protective Security Requirements.

confidentialisation
The statistical methods used to protect against confidential information being disclosed to people who are not authorised to have access to it, in a way that could identify an individual, household or organisation. The statistical methods used provide a level of protection against identification that cannot be obtained from de-identification.

confidentiality
The protection of information provided by people and organisations to us and ensuring it is not disclosed or made available to people or organisations who are not authorised to access it. Authorisation should ideally be given by the person providing the information, but may also be through legislation.

data integration
The linking of data about the same person or organisation (or unit) from two or more unit record datasets, originally collected for different purposes.

de-identification
The process of removing information from microdata to reduce risk of spontaneous recognition. It typically includes removing names, exact dates of birth or death, and exact addresses.

information security
The measures put in place to protect against data and information being disclosed to unauthorised people or organisations, and to ensure appropriate availability and integrity of information.

Integrated Data Infrastructure (IDI)
Database containing de-identified people-centred microdata from a range of government agencies, Stats NZ surveys and non-government organisations.

integrity
Assurance about the accuracy and consistency of data and information and that it is authentic and complete. It includes assurance that data and information has been properly created and has not been tampered with, damaged, or subject to accidental or unauthorised changes.

Longitudinal Business Database (LBD)
Database containing microdata about businesses from Stats NZ surveys and a range of administrative data sources.

microdata
Data about individual people, organisations, households, or other units in a population.

personal information
Data and information about a person that we should not disclose to people who are not authorised to have access to it. It is a subset of confidential information.

privacy
The individual’s rights relating to control of the provision, use, and disclosure of information about themselves, commonly called their personal information.

Responsibilities

Here is a summary of who is responsible for what in the microdata access process.

All Stats NZ staff, secondees, and contractors

  • Understand the principles, policies, and procedures relating to the security and management of confidential information.
  • Apply these as appropriate to their role.
  • Report breaches, incidents, and near misses to the security and privacy teams.

Chief digital officer

  • Fulfil the role of chief information security officer as defined in the New Zealand Information Security Manual (GCSB, 2016).
  • Develop a security strategy and security risk management programme. 
  • Maintain appropriate security measures to protect the information gathered, stored, and transmitted by Stats NZ. 
  • Manage and maintain organisation-wide information security policies. 
  • Manage and maintain certification and accreditation processes. 
  • Act as an escalation point on security-related matters.

Chief methodologist

  • Manage and maintain policies and standards relating to statistical confidentialisation.
  • Approve confidentialisation and/or de-identification procedures before information is released by subject matter areas.
  • Assist in managing confidentialisation-related breaches. 
  • Assess data integration proposals to ensure there are no major methodological concerns with the analysis proposed, and that confidentiality risks can be adequately mitigated.
  • Provide advice and training to subject matter areas on confidentialisation methods and practice.
  • Provide confidentialisation advice to partner organisations.

Chief privacy officer

  • Maintain and manage the information privacy, security, and confidentiality policy, and any other related policies. 
  • Act as final escalation point on privacy and other confidentiality-related matters.

Chief security officer

  • Act as final escalation point on security-related matters.

External agencies

  • Assess whether the agency data requested is appropriate for answering the research objectives.

Government statistician

  • Approve data integration proposals and escalated microdata access applications. 
  • Approve use of any exemptions under clauses 37A to 37F of the Statistics Act 1975 or delegating approval authority.

Information Privacy, Security, and Confidentiality (IPSaC) Governance Group

  • Provide governance oversight of privacy, security, and confidentiality policies. 
  • Agree policy implementation work programmes. 
  • Drive implementation of the work programmes.

Legal counsel

  • Assess microdata access applications to ensure that the research complies with the Statistics Act 1975.

Manager and data custodian responsible for releasing data

  • Assess applications to use microdata they are custodians for, to ensure the data requested is appropriate for answering the research objectives.
  • Undertake risk assessment, specify risks to be mitigated, and collaborate with Statistical Methods and data specialists to determine appropriate confidentialisation and de-identification techniques. Gain the approval of the chief methodologist for application of those techniques. 
  • Ensure analysts and researchers in their area are trained in how to apply the approved confidentialisation and/or de-identification procedures and that those procedures are applied to information prior to release.

Manager, information management

  • Advise and provide education about correct management, retention, and disposal of confidential information in accordance with the Public Records Act 2005 and approved disposal authorisations.  

Manager, microdata access

  • Develop and apply processes for assessing research and researchers to determine whether researchers and projects should be recommended for approval. 
  • Ensure only approved researchers and approved projects have access to microdata but only to microdata approved for their project. 
  • Ensure approved researchers undertake confidentiality training and sign all relevant documentation before being granted access to microdata.
  • Ensure all outputs from microdata access projects are confidentiality checked before they are released.
  • Has the delegated authority to disclose individual schedules in the form of confidentialised unit record files (CURFs) and to approve variations to existing microdata access approvals.

Respondent advocate

  • Provide a respondent perspective when policies and procedures relating to privacy and confidentiality are developed and implemented.

Security manager

  • Fulfil the role of information technology security manager (ITSM) as defined in the New Zealand Information Security Manual (GCSB, 2016).
  • Provide leadership, advice, and consultation on security related issues. 
  • Manage the implementation of security measures.
  • Lead the management of security breaches and incidents.
  • Lead security education and awareness activities.

Senior advisor, strategy, performance and privacy

  • Design and implement approaches to implement the information privacy, security, and confidentiality policy, including education and awareness activities. 
  • Lead management of privacy-related breaches and incidents.
  • Lead management of confidentiality-related breaches and incidents.
  • Provide leadership, advice, and consultation on privacy and confidentiality related issues, including privacy and confidentiality impact assessments.
  • Consult with the Office of the Privacy Commissioner when required.

Senior manager, integrated data

  • Has delegated authority to disclose individual schedules in the form of de-identified microdata or confidentialised unit record files (CURFs) and to approve variations to existing microdata access approvals. 
  • Consider any wider, strategic implications and whether additional advice is required from the relevant ethics advisory group.

Senior managers and general managers

  • Consider any wider, strategic implications for their areas of data integrations outside IDI or LBD. 
  • Endorse data integrations outside the IDI and LBD are ready for the Government Statistician’s approval.

The Confidentiality Network

  • Provide support, advice, and build capability across Statistical Methods, Stats NZ, and the Official Statistics System in confidentiality methodologies and practices. 

Related documents

Guidelines and procedures

Statistics NZ (2009). Methodological standard for confidentiality standard for microdata access. Available from senior advisor, strategy performance and privacy, email: info@stats.govt.nz.

Statistics NZ (2016). Brief privacy and confidentiality impact analysis template. Available from senior advisor, strategy, performance and privacy, email: info@stats.govt.nz.

Statistics NZ (2016). Full privacy and confidentiality impact assessment template. Available from senior advisor, strategy, performance and privacy, email: info@stats.govt.nz.

Statistics NZ (2016). Microdata output guide (fourth edition). Available from www.stats.govt.nz.

Statistics NZ (2016). Privacy and confidentiality impact assessment guidance. Available from senior advisor, Strategy Performance and Privacy, email: info@stats.govt.nz.

Statistics NZ (2016). Privacy, security, and confidentiality incident procedures. Available from security and privacy teams, email: info@stats.govt.nz.

Stats NZ (2017). Data integration guidelines. Available from www.stats.govt.nz.

Stats NZ (2017). Privacy and confidentiality guidelines. Available from www.stats.govt.nz.

Other documents

Government Communications Security Bureau (2016). New Zealand information security manual (NZISM). Available from www.gcsb.govt.nz.

Protective security requirements. Available from www.protectivesecurity.govt.nz.

Statistics NZ (nd). Our privacy commitment (poster). Available from Stats NZ, email: info@stats.govt.nz.

Statistics NZ (nd). Security policies and standards. Available from Stats NZ, email: info@stats.govt.nz.

Statistics NZ (2007). Principles and protocols for producers of Tier 1 Statistics. Available from www.stats.govt.nz.

Statistics NZ (2013). Information and data management policy. Available from Stats NZ, email: info@stats.govt.nz.

Stats NZ (2017). Information privacy, security, and confidentiality policy. Available from www.stats.govt.nz.

United Nations (2014). UN fundamental principles for official statistics (Principle 6). Available from https://unstats.un.org.

Legislation

Official Information Act 1982. Available from www.legislation.govt.nz.

Privacy Act 1993. Available from www.legislation.govt.nz.

Public Records Act 2005. Available from www.legislation.govt.nz.

Statistics Act 1975. Available from www.legislation.govt.nz. 

Owner and review

The general manager of customer support and development is the owner of Microdata access guidelines. The 2017 guidelines resulted from a review in 2016 and replace the 2009 Microdata access policy. The guidelines will be reviewed annually.

Citation
Stats NZ (2017). Microdata integration guidelines. Retrieved from www.stats.govt.nz.   

ISBN 978-0-9941463-0-4 (online)
Published 9 May 2017 

  • Share this page to Facebook
  • Share this page to Twitter
  • Share this page to Google+
Top
  • Share this page to Facebook
  • Share this page to Twitter
  • Share this page to Google+