Expanding secure access to CIPSEA data assets

Checkout our iOS App for a better way to browser and research.

§3582. Expanding secure access to CIPSEA data assets

(a) Statistical Agency Responsibilities.-To the extent practicable, each statistical agency or unit shall expand access to data assets of such agency or unit acquired or accessed under this subchapter to develop evidence while protecting such assets from inappropriate access and use, in accordance with the regulations promulgated under subsection (b).

(b) Regulations for Accessibility of Nonpublic Data Assets.-The Director shall promulgate regulations, in accordance with applicable law, for statistical agencies and units to carry out the requirement under subsection (a). Such regulations shall include the following:

(1) Standards for each statistical agency or unit to assess each data asset owned or accessed by the statistical agency or unit for purposes of categorizing the sensitivity level of each such asset and identifying the corresponding level of accessibility to each such asset. Such standards shall include-

(A) common sensitivity levels and corresponding levels of accessibility that may be assigned to a data asset, including a requisite minimum and maximum number of sensitivity levels for each statistical agency or unit to use;

(B) criteria for determining the sensitivity level and corresponding level of accessibility of each data asset; and

(C) criteria for determining whether a less sensitive and more accessible version of a data asset can be produced.


(2) Standards for each statistical agency or unit to improve access to a data asset pursuant to paragraph (1) or (3) by removing or obscuring information in such a manner that the identity of the data subject is less likely to be reasonably inferred by either direct or indirect means.

(3) A requirement for each statistical agency or unit to conduct a comprehensive risk assessment of any data asset acquired or accessed under this subchapter prior to any public release of such asset, including standards for such comprehensive risk assessment and criteria for making a determination of whether to release the data.

(4) Requirements for each statistical agency or unit to make any process or assessment established, produced, or conducted pursuant to this section transparent and easy to understand, including the following:

(A) A requirement to make information on the assessment of the sensitivity level of each data asset conducted pursuant to paragraph (1) available on the Federal data catalogue established under section 3511(c)(1).

(B) A requirement to make any comprehensive risk assessment, and associated determinations, conducted under paragraph (3) available on the Federal data catalogue established under section 3511(c)(1).

(C) A requirement to make any standard or policy established by the statistical agency or unit to carry out this section and any assessment conducted under this section easily accessible on the public website of such agency or unit.


(c) Responsibilities of the Director.-The Director shall-

(1) make public all standards and policies established under this section; and

(2) ensure that statistical agencies and units have the ability to make information public on the Federal data catalogue established under section 3511(c)(1), in accordance with requirements established pursuant to subsection (b).

(Added Pub. L. 115–435, title III, §303(a), Jan. 14, 2019, 132 Stat. 5554 .)


Statutory Notes and Related Subsidiaries

Effective Date

Section effective 180 days after Jan. 14, 2019, see section 403 of Pub. L. 115–435, set out as an Effective Date of 2019 Amendment note under section 306 of Title 5, Government Organization and Employees.


Download our app to see the most-to-date content.