Analyzing Data Confidentiality Laws & Regulations: Research Methodology

The State Data Sharing Initiative (SDS) uses a three-step process to analyze state corporate tax and unemployment insurance data confidentiality laws and regulations.

1

Apply
Confidentiality
Assessment
Framework

Step 1: Apply Nine-Question SDS Data Confidentiality Framework to Analyze Law

SDS developed a standard framework for analyzing state corporate tax and unemployment insurance data confidentiality laws and regulations. The framework is organized around nine data confidentiality questions that data-gathering agencies must ask themselves before disclosing information to other government agencies or outside researchers. These questions are derived from the basic tenets of two federal regulations:

Data Confidentiality Categories and Questions:

1.Definition - How is confidential data defined?
2.Authority - Who is authorized to disclose data?
3.Purposes - For what purposes may data be disclosed?
4.Parties - To which parties may data be disclosed?
5.Elements - What specific data elements may be disclosed?
6a.Agreement Type - What type of data sharing agreement is required for data disclosure? (For Corporate Tax Data Only)
6b.Content Requirement - What are the content requirements for data sharing agreements? (For UI Data Only)
7.Safeguards - What safeguards are required for data disclosure?
8.Payment Provisions - What are the payment provisions for data disclosure?
9.Penalties - What are the penalties for violating disclosure rules?

2

Extract
Relevant
Language

Step 2: Extract Relevant Language from Law

SDS researchers analyzed all laws and regulations provided and extracted any relevant language that answers the nine data confidentiality questions. Relevant Language is defined as language in the law that:

  1. Answers the question, in part or in whole.
  2. May impact the disclosure of data for the purposes of analyzing or evaluating economic and workforce development programs.

3

Assign
Specificity
Rating

Step 3: Assign One of Three Specificity Ratings to Describe How Generally or Specifically the Law Answers Each Data Confidentiality Question

Data confidentiality laws vary from state to state. Some laws include detailed language allowing agencies to share data they collect with explicit groups to support specific activities, such as publication of statistics. Other laws are less descriptive, allowing disclosures to public employees in the performance of their duties. Some state laws provide even less instruction.

SDS developed a standard Specificity Rating system to help data sharing stakeholders easily compare how different state laws and regulations address critical data confidentiality issues, including the protection of sensitive data and access for appropriate uses.

After conducting a state-by-state review of data confidentiality laws, one of three Specificity Ratings was assigned to each law or regulation based on how generally or specifically the law addresses each confidentiality question. Specificity Rating choices include:

UI CT Specificity Rating:
    Detailed Explanation — The law includes explicitly clear language related to the issue, including identifying particular actors or situations in which a law applies.
    Broad Mention — The law includes only a general reference to the issue, which may provide only limited guidance to those interpreting or implementing the law.
 
 
 
 
Not Addressed — The law provides no information about the issue to guide decision making.

To view Specificity Rating examples, click here.

Findings: Confidentiality Laws & Regulations Database

The results of the data confidentiality laws and regulations analysis can be accessed through the SDS's interactive Confidentiality Laws & Regulations Database. Key components of database records include:

Specificity Ratingto indicate how generally or specifically the law addresses each confidentiality question.
Legal Citationto enable users to easily conduct an online search for the full legal text.
Relevant Subsectionsto help users quickly locate relevant portions of the law.
Relevant Languageto provide users with ready access to key pieces of information, with particularly relevant text highlighted for emphasis.
Date Reviewedto provide users with context for when the law was last reviewed, as laws can be amended at any time.

To learn how to use the Confidentiality Laws & Regulations Database, click here.