View all text of Part F [§ 19081 - § 19085]
§ 19085. National secure data service
(a) In general
(b) EstablishmentNot later than one year after August 9, 2022, the Director shall establish a National Secure Data Service demonstration project. The National Secure Data Service demonstration project shall be—
(1) aligned with the principles, best practices, and priority actions recommended by the Advisory Committee on Data for Evidence Building, to the extent feasible; and
(2) operated directly by or via a contract that is managed by the National Center for Science and Engineering Statistics.
(c) Data
(d) Voluntary participation
(e) Privacy and confidentiality protections
(f) Technology and privacy standardsIn carrying out this subsection, the Director shall—
(1) consider application and use only of systems and technologies that incorporate protection measures to reasonably ensure confidential data and statistical products are protected in accordance with obligations under subchapter III of chapter 35 of title 44, including systems and technologies that ensure—
(A) raw data and other sensitive inputs are not accessible to recipients of statistical outputs from the National Secure Data Service demonstration project;
(B) no individual entity’s data or information is revealed by the National Secure Data Service demonstration project platform to any other party in an identifiable form;
(C) no information about the data assets used in the National Secure Data Service demonstration project is revealed to any other party, except as incorporated into the final statistical output;
(D) the National Secure Data Service demonstration project permits only authorized analysts to perform statistical queries necessary to answer approved project questions, and prohibits any other queries; and
(E) the National Secure Data Service demonstration project conducts privacy risk assessments to minimize the privacy risks to individual entities whose data has been made available by a reporting entity, including those privacy risks that could result from data breaches of any system operated by the reporting entity, as well as for determining approved project questions under subparagraph (D) to minimize the privacy risks to individuals affected by uses of the statistical output; and
(2) the National Secure Data Service demonstration project shall implement reasonable measures commensurate with the risks to individuals’ privacy to achieve the outcomes under subparagraphs (A) through (E) of paragraph (1), which may include the appropriate application of privacy-enhancing technologies and appropriate measures to minimize or prevent reidentification risks consistent with any applicable guidance or regulations issued under subchapter III of chapter 35 of title 44.
(g) Transparency
(h) ReportNot later than 2 years after August 9, 2022, the National Secure Data Service demonstration project established under subsection (b) shall submit a report to Congress that includes—
(1) a description of policies for protecting data, consistent with applicable Federal law;
(2) a comprehensive description of all completed or active data linkage activities and projects;
(3) an assessment of the effectiveness of the demonstration project for mitigating risks and removing barriers to a sustained implementation of the National Secure Data Service as recommended by the Commission on Evidence-Based Policymaking; and
(4) if deemed effective by the Director, a plan for scaling up the demonstration project to facilitate data access for evidence building while ensuring transparency and privacy.
(i) Authorization of appropriations
(Pub. L. 117–167, div. B, title III, § 10375, Aug. 9, 2022, 136 Stat. 1574.)