Recommendation to Update Data Use and Retention Policies



NHSDC Recommendation to Update Data Use and Retention Policies
Is this email not displaying correctly?
View it in your browser.


NHSDC


Recommendation to Update Data Use and Retention Policies

Members recently raised concerns on emerging immigration issues and sought guidance from the National Human Services Data Consortium (NHSDC).  As developments unfold, these changed circumstances are relevant to every community dedicated to delivering social services that sustain life and protect households.  Individuals should carefully consider whether to retain data that may put the community and clients at risk.

While agencies, non-profits, and others are committed to the privacy of their records, their capacity to maintain confidentiality may be threatened by new federal government policies.  Community agencies depending on federal grants, municipalities deriving significant benefit from federal business, and other groups susceptible to the withdrawal of federal dollars should carefully consider the benefit of storing data related to national origin or immigration status.

Demands by the federal government, through statutory or regulatory authority, or state and local interlocutors, could leverage a variety of incentives to create substantial pressure on organizations to improperly disclose data collected under a promise of confidentiality.

All stewards of data collected and disseminated at the local, state, and federal levels should carefully consider if the vulnerability created by maintaining this data is sufficiently balanced by the services provided based on that data.

Communities may want to consider the following factors to inform their decision:
  1. Why is the information collected?
    • Is it pursuant to specific direction by a funder or authority with jurisdiction?
    • Does the information inform a specific policy, service referral, or activity?
    • Is this information reported in the aggregate or by individuals to any external entity?
  2. Does the information benefit the household or individual enrolled in the service?
    • Is the benefit specific and concrete for the material benefit of the client?
    • Is the benefit contingent on having the participant’s immigration status or country of origin?
    • Is the data collected only for the benefit of the agency or community’s planning or reporting purposes?
  3. If the household’s life/safety is at risk, does the custodian of the records have sufficient authority to hash, remove, archive, or destroy a data element not required by statutory or grant obligations?
    • Does the administrator of the system have clear instruction from the entity that owns the system on how to proceed?
    • Are these instructions documented with clear language and disseminated to the relevant parties that need instructions?
    • Does this new dynamic require an update to your organization’s data retention policy?
  4. Has the organization that owns the system discussed and determined a course of action for any resulting legal action?
    • Does the organization have an attorney?
    • Has the organization met and discussed this and related topics with their attorney?
    • How does local, state, and federal law impact decisions like this?
    • How does directors and officers insurance, liability insurance, and other protections apply or not?
    • Can organizations partner with larger entities, states or municipalities, to leverage resources and expertise?
NHSDC remains committed to providing leadership on the best use of information technology to manage human services.   We anticipate creating opportunities for members to discuss the issues raised here at our upcoming Spring conference.