Proposals for a National Secure Data Service, in Context
INSIGHTi
Proposals for a National Secure Data Service,
in Context
August 5, 2021
On June 28, 2021, the House passed H.R. 2225, the National Science Foundation for the Future Act,
which would authorize appropriations and certain activities. One provision would establish a “National
Secure Data Service” (NSDS) demonstration project. The proposal relates to a recommendation from an
earlier Commission on Evidence-Based Policymaking (CEP).
Among other things, CEP was charged with considering whether a federal government “clearinghouse”
for program and survey data should be established. CEP interpreted clearinghouse to mean “a data
storage facility that permanently stores records from multiple databases from multiple agencies and,
therefore, grows with each new data linkage.” CEP rejected the clearinghouse model, however, citing
“wel -founded concerns about the potential privacy harm such a clearinghouse could raise.” Instead, it
recommended establishment of an NSDS, which would “temporarily link existing data and provide secure
access to those data for exclusively statistical purposes in connection with approved projects” and “do this
without creating a data clearinghouse or warehouse.”
This Insight discusses NSDS proposals, related background, and potential issues for Congress.
Legislation
The House-passed version of H.R. 2225 would provide for an NSDS demonstration project within the
National Science Foundation (NSF). If the bil is enacted, the NSF director would be authorized to
operate the project directly or award a contract to another entity.
The proposed NSDS project would be directed to “align” with a particular advisory committee’s
recommendations “to the extent feasible.” The Foundations for Evidence-Based Policymaking Act of
2018 (FEBPA) had established this advisory committee to assist the Office of Management and Budget
(OMB) in carrying out certain interagency data-sharing provisions. These data-sharing provisions were
included within FEBPA as Part D of the Confidential Information Protection and Statistical Efficiency Act
of 2018 (CIPSEA). Part D newly required an agency to share its data assets—upon request and “to the
extent practicable”—with any requesting statistical agency or unit for developing evidence for statistical
purposes, unless such sharing is specifical y prohibited. CIPSEA is silent regarding the ultimate
disposition or destruction of the shared data.
Congressional Research Service
https://crsreports.congress.gov
IN11717
CRS INSIGHT
Prepared for Members and
Committees of Congress
Congressional Research Service
2
If enacted, H.R. 2225 would require the NSF director to “consider … use of systems and technologies” in
this project that “reasonably ensure confidential data and statistical products are protected.” The project
would maintain a public website on supported projects and would submit a report to Congress, including
descriptions of data protection policies and al completed or active data linkage projects and an
assessment of the project’s effectiveness and risks. The bil would authorize $9 mil ion annual y for the
project for FY2022-FY2026.
Background
Since the advent of the computing era, policymakers have intermittently considered the creation of a
centralized clearinghouse to combine government data, variously noting promise and peril. Proponents
suggested it could provide access to agencies and researchers to foster learning, improve programs, and
reduce the cost of studies. Critics, on the other hand, suggested that such access could come at the cost of
individual privacy or al ow the government or malicious actors to target individuals or groups. Ultimately,
such concerns prevented the creation of a clearinghouse. The concerns led to enactment of the Privacy
Act of 1974, which restricts how agencies may share data that identifies individuals in the absence of
consent, with certain exceptions. Agencies also oftentimes took restrictive views on data sharing for
statistical purposes because of an absence of specific statutory authorization or concerns about public
acceptance.
Subsequently, some efforts to promote data sharing were undertaken on a case-by-case basis, such as
limited sharing authorized in an earlier version of CIPSEA in 2002. Additional CIPSEA 2002
provisions—stil current law—sought to ensure that data provided to federal agencies under a pledge of
confidentiality would be “subject to uniform and rigorous statutory provisions against their unauthorized
use,” instead of the situation at the time, in which confidentiality regimes varied among agencies and
were often “not based in law.”
In 2016, Congress established CEP to consider whether “a data clearinghouse should be established to
ensure federal data is available to policymakers, and also study how best to protect the privacy rights of
individuals who interact with federal agencies.” CEP’s 2017 report suggested that advances in technology
could support creation of an NSDS, which could combine data without risking individual privacy or
warehousing data. CEP highlighted a complex legal environment surrounding data sharing, noting that
many statutes govern data collection, management, privacy, and confidentiality in particular contexts.
CEP observed “that some variation in the laws that govern the protection of data is sensible given the
contextual nature of privacy. It is unclear, however, that al of the variation in the legal structure is
intentional.” For its part, OMB had earlier sought to encourage agency data sharing administratively.
After publication of CEP’s report, CEP’s co-chairs moved to the Bipartisan Policy Center (BPC), and
companion bil s were introduced. BPC characterized the bil s as including some of CEP’s
recommendations. In January 2019, FEBPA became law but did not establish an NSDS. Nevertheless,
Title III of FEBPA modified CIPSEA to (1) al ow OMB to designate statistical agencies or units at any
executive agency and (2) require agencies to make data available upon request to any designated
statistical agency or unit. CIPSEA does not specify how long the shared data may exist. FEBPA requires
OMB to issue regulations regarding Title III implementation, but none have yet been issued.
Potential Issues for Congress
Observers have noted potential benefits and risks of data sharing. In addition, uncertainties remain about
FEBPA implementation and how an NSDS could operate and be structured. In evaluating policy options,
Congress might consider multiple questions:
Congressional Research Service
3
In the absence of OMB regulations and formal recommendations from the advisory
committee, are there implications for legislation?
Would placement of NSDS in a non-federal entity help or hinder data access and
security?
Has CIPSEA’s Part D data sharing authority been used to date? Does it enable the
creation of data clearinghouses?
Who should decide how long combined data sets exist?
What technologies are available to facilitate data sharing and privacy protection?
How can the government ensure data is used transparently and only for desired purposes?
Author Information
Meghan M. Stuessy
Clinton T. Brass
Analyst in Government Organization and Management
Specialist in Government Organization and Management
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff
to congressional committees and Members of Congress. It operates solely at the behest of and under the direction of
Congress. Information in a CRS Report should not be relied upon for purposes other than public understanding of
information that has been provided by CRS to Members of Congress in connection with CRS’s institutional role.
CRS Reports, as a work of the United States Government, are not subject to copyright protection in the United
States. Any CRS Report may be reproduced and distributed in its entirety without permission from CRS. However,
as a CRS Report may include copyrighted images or material from a third party, you may need to obtain the
permission of the copyright holder if you wish to copy or otherwise use copyrighted material.
IN11717 · VERSION 2 · NEW