1. Privacy vs. Confidentiality

1. • Privacy is an individual right to control access to personal information.

   • Confidentiality relates to the responsibility of those handling the data to protect it.  Evergreen College provides a good definition of confidentiality in its relationship to anonymity and Endicott College has a good graphic portraying the relationship of privacy, anonymity, and confidentiality.   

2. Consult your Institutional Data Policy:  

An institutional data policy, such as those at The Ohio State University, Harvard University, and University of North Carolina, provides guidelines and protocols for the use of data in accordance with administrative, contractual, legal and regulatory requirements.  Many institutional data policies assign a level of security to data elements that determines what is consider public, internal, private or restricted data.  

3. Cell Suppression

1. • Cell Suppression:  Suppress data for small cell sizes that could inadvertently identify individuals.   The threshold for suppression is usually 5 individuals or fewer.  Individual state departments of higher education, as demonstrated here by the Maryland Higher Education Commission, might give additional guidance.  The University of Houston’s “Masking Techniques and Guidelines” discusses the making of data to include cell and complementary cell suppression.   

   • Complementary Suppression: Suppress additional cells if revealing one could allow reverse engineering of suppressed data.  (See Tables 1-3 for suppression examples).  

4. Data Aggregation

Aggregate responses to reduce the risk of identification—no individual responses.  Also, use broad categories to reduce the risk of identification.  For example, race/ethnicity categories can be recoded as “students of color” or “under-represented minorities.”  Likewise, combining responses such as “strongly agree” and “agree” into one category to help reduce the risk of identification.  (See Tables 4-6 for broad categories responses). 

5. Footnotes/Data Definitions

For both cell suppression and data aggregation, be sure to include footnotes, data definitions, etc., to clarify any suppression or complementary suppression techniques applied.  (see Tables 5-6 for footnotes, data definitions) 

6. Federal and State Laws to Consider 

The Family Educational Rights and Privacy Act of 1974 (FERPA) regulates access to, amendment of, and disclosure of education records 

• The Gramm-Leach-Bliley Act and the Fair and Accurate Credit Transaction Act of 2003 govern how institutions collect, store, and use student financial information 

• The Health Insurance Portability and Accountability Act of 1996 governs how institutions protect student health records, including records kept by campus medical facilities 

• The Privacy Act of 1974 governs how federal agencies collect, use, transfer, and disclose student information.

Additionally, state laws may affect how institutions collect, use, and share student data.  

• Data Quality Campaign Safeguarding Student Data in Higher Education (pdf)

• Data Quality Campaign Student Data Principles (pdf)

• Federal Committee on Statistical Methodology (webpage)

• NCES Best Practices for Determining Subgroup Size in Accountability Systems While Protecting Anonymity (powerpoint)

• NCES Data Protection Tool Kit (webpage) 

• Association of Institutional Research Code of Ethics (webpage—read online or download pdf)

• NASPA (Student Affairs in Higher Education Professionals) (webpage)

• NACAC (National Association for College Admission Counseling) (webpage with flip book)