About This Questionnaire
This is a sample questionnaire that covers three main areas of U.S. privacy law. It is designed to elicit from the user the key properties of a dataset that are relevant to determining whether privacy risks or restrictions from these laws constrain how it can be handled.
The questionnaire demonstrates how complex legal standards from different statutes, regulations, and policies can be conveyed clearly to users and used to assign tags to a wide range of datasets. For instance, it provides detailed definitions and multiple examples to aid the user in interpreting legal concepts and applying them in different contexts.
Based on the user’s responses to the questionnaire, DataTags generates a set of tags that describe the properties of a dataset, which laws are applicable, and how the dataset can be stored, transmitted, or used according to the relevant laws, contracts, and policies.
With this sample questionnaire, you can navigate some of the data use and sharing requirements in the following three areas of U.S. privacy law. learn more
Statutes and Regulations Covered
The sample questionnaire is designed to help a researcher understand whether rules from any of the following U.S. privacy laws and regulations govern the storage, transmission, or use of a specific dataset. It aims to cover a subset of the laws most relevant to the sharing of sensitive research data in the United States, but it does not address categories of information beyond the scope of the following list of laws.
Privacy of medical records
- The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, 45 C.F.R. Part 160 and Subparts A and E of Part 164, which regulates the use and disclosure of protected health information held by covered entities such as health care providers
- The substance abuse confidentiality regulations, 42 C.F.R. Part 2, which protect the confidentiality of the medical records of patients seeking treatment for alcohol or drug abuse
Privacy of education records
- The Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, which safeguards student records maintained by an educational agency or institution
- The Protection of Pupil Rights Amendment (PPRA), 20 U.S.C. § 1232h, which establishes privacy-related procedures for certain surveys, analyses, and evaluations funded by the US Department of Education
- The Education Sciences Reform Act of 2002, 20 U.S.C. § 9573, which restricts the collection, use, and dissemination of education data in research conducted by the Institute of Education Sciences
Privacy of government records
- The Privacy Act of 1974, 5 U.S.C. § 552a, which establishes fair information practices for protecting personally identifiable records maintained by federal agencies
- The Confidential Information Protect and Statistical Efficiency Act (CIPSEA), 44 U.S.C. § 3501 note, which protects confidential data collected by U.S. statistical agencies
- Title 13 of the U.S. Code, which protects the confidentiality of Census Bureau data
- The Driver’s Privacy Protection Act (DPPA), 18 U.S.C. §§ 2721-2725, which restricts the disclosure of personal information from state department of motor vehicle records
This chart displays the range of tags that may be suggested at the conclusion of the demonstration. These tags cover properties such as the regulatory classification of the information, the sensitivity of the information, the terms of governing contractual agreements, and the appropriate data security and other handling requirements.
Health information protected by HIPAA and federal substance abuse confidentiality regulations
Student information covered by FERPA and laws protecting research funded by the Department of Education and the Institute of Education Sciences
Personal information held by government agencies, including statistical agencies and state departments of motor vehicles, and safeguarded by federal law
To try the demonstration for a dataset you have in mind, please click on the button below.Start Tagging