§19085. National secure data service
(a) In general
The Director, in consultation with the Director of the Office of Management and Budget and the interagency committee established under section 9413 of title 15, shall establish a demonstration project to develop, refine, and test models to inform the full implementation of the Commission on Evidence-Based Policymaking recommendation for a governmentwide data linkage and access infrastructure for statistical activities conducted for statistical purposes, as defined in chapter 35 of title 44.
(b) Establishment
Not later than one year after August 9, 2022, the Director shall establish a National Secure Data Service demonstration project. The National Secure Data Service demonstration project shall be-
(1) aligned with the principles, best practices, and priority actions recommended by the Advisory Committee on Data for Evidence Building, to the extent feasible; and
(2) operated directly by or via a contract that is managed by the National Center for Science and Engineering Statistics.
(c) Data
In carrying out this section, the Director shall engage with Federal and State agencies to collect, acquire, analyze, report, and disseminate statistical data in the United States and other nations to support governmentwide evidence-building activities consistent with the Foundations for Evidence-Based Policymaking Act of 2018.
(d) Voluntary participation
Participation in the National Secure Data Service demonstration project by Federal and State agencies shall be voluntary.
(e) Privacy and confidentiality protections
If the Director issues a management contract under subsection (b), the recipient shall be designated as an "agent" under subchapter III of chapter 35 of title 44 with all requirements and obligations for protecting confidential information delineated in the Confidential Information Protection and Statistical Efficiency Act of 2018 and the Privacy Act of 1974.
(f) Technology and privacy standards
In carrying out this subsection, the Director shall-
(1) consider application and use only of systems and technologies that incorporate protection measures to reasonably ensure confidential data and statistical products are protected in accordance with obligations under subchapter III of chapter 35 of title 44, including systems and technologies that ensure-
(A) raw data and other sensitive inputs are not accessible to recipients of statistical outputs from the National Secure Data Service demonstration project;
(B) no individual entity's data or information is revealed by the National Secure Data Service demonstration project platform to any other party in an identifiable form;
(C) no information about the data assets used in the National Secure Data Service demonstration project is revealed to any other party, except as incorporated into the final statistical output;
(D) the National Secure Data Service demonstration project permits only authorized analysts to perform statistical queries necessary to answer approved project questions, and prohibits any other queries; and
(E) the National Secure Data Service demonstration project conducts privacy risk assessments to minimize the privacy risks to individual entities whose data has been made available by a reporting entity, including those privacy risks that could result from data breaches of any system operated by the reporting entity, as well as for determining approved project questions under subparagraph (D) to minimize the privacy risks to individuals affected by uses of the statistical output; and
(2) the National Secure Data Service demonstration project shall implement reasonable measures commensurate with the risks to individuals' privacy to achieve the outcomes under subparagraphs (A) through (E) of paragraph (1), which may include the appropriate application of privacy-enhancing technologies and appropriate measures to minimize or prevent reidentification risks consistent with any applicable guidance or regulations issued under subchapter III of chapter 35 of title 44.
(g) Transparency
The National Secure Data Service established under subsection (b) shall maintain a public website with up-to-date information on supported projects.
(h) Report
Not later than 2 years after August 9, 2022, the National Secure Data Service demonstration project established under subsection (b) shall submit a report to Congress that includes-
(1) a description of policies for protecting data, consistent with applicable Federal law;
(2) a comprehensive description of all completed or active data linkage activities and projects;
(3) an assessment of the effectiveness of the demonstration project for mitigating risks and removing barriers to a sustained implementation of the National Secure Data Service as recommended by the Commission on Evidence-Based Policymaking; and
(4) if deemed effective by the Director, a plan for scaling up the demonstration project to facilitate data access for evidence building while ensuring transparency and privacy.
(i) Authorization of appropriations
There are authorized to be appropriated to the Director to carry out this subsection $9,000,000 for each of fiscal years 2023 through 2027.
(
Editorial Notes
References in Text
The Foundations for Evidence-Based Policymaking Act of 2018, referred to in subsec. (c), is
The Confidential Information Protection and Statistical Efficiency Act of 2018, referred to in subsec. (e), is title III of
The Privacy Act of 1974, referred to in subsec. (e), is