The NPWR Privacy Pledge
The NPWR system is designed to meet or exceed any and all Nevada state and federal privacy laws and requirements.
NPWR is designed to balance privacy with the ability to discover insights about Nevada's education, higher education, and workforce policies, initiatives, and programs. NPWR is built on a foundation of multi-layered security. Every aspect of the NPWR system is designed to ensure the complete anonymity of all Nevadans and the privacy and security of all data within the system.
The key organizational elements that ensure privacy include:
It is a system that was developed among its participating agencies to allow the merging of data in a highly controlled environment using technology that strips "exposure data" (i.e., any information that identifies an individual) before merged information is released to researchers (see below for more details on the technology).
Rather than build an entirely new "data warehouse" to collect and store data, which would have required the duplication of private data (and redundant infrastructure to support and protect that data), Nevada chose to implement a system that leaves its data where it has always been, secure within the participating agencies' databases.
Data merges are initiated by vetted researchers who first have completed an application process and whose research questions have been reviewed and validated. Then they are assigned a committee of agency "sponsors" who guide and oversee the process - all in the name of accuracy AND privacy. Each step along the way, from access request to publication of results, must be approved by the sponsoring agency.
If exposure data is protected behind privacy firewalls of state agencies, how is useful data merged? The State of Nevada's solution to this question was developed by the Nevada Department of Education, the Nevada System of Higher Education, and the Nevada Department of Employment, Training and Rehabilitation.
Using a state-of-the-art probabilistic matching system, NPWR matches data across agencies through a process that de-identifies and cleanses the data to provide the highest possible match rate while maintaining full privacy. All data within NPWR are fully de-identified to ensure that no personally identifiable information ever remains within the system. Each time a researcher requests data, the system generates a completely new set of unique identifiers for each individual in the data. This feature, developed to comply with state law, ensures that the new data set cannot be linked to a previously requested data set based on unique identifiers.
Before agency data sets are delivered to the data hub for merging, an algorithm is applied to the data to render key, private information (e.g., name and date of birth) into a string of meaningless numbers and letters.
The newly created data sets expire and are destroyed two weeks after the initial database inquiry, effectively making the data unique for every merge.
It is important to note that "de-identification" is a "one-way" process that is different from encryption, which is "two-way" scrambling, meaning the data can move back and forth between encrypted and readable form. In simple terms, once data is de-identified it cannot be reversed back to identified data.
In the application review process and in the algorithm and Data Hub processes, there are minimum data threshold requirements to ensure that NPWR does not create data sets that could be used, through a process of elimination, to match de-identified data back to individuals or groups of people.
The merged data is then reviewed by agency staff for both accuracy and privacy before being released to researchers.
Any data sets that are then to be released to the public are scrutinized again for privacy concerns before release.
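A sketch of the flow described above (one-way tokens created at the agency, new identifiers for every request, minimum thresholds), added here as an illustration; it is not NPWR's algorithm or code. HMAC-SHA256, the key handling, the threshold of 3, exact matching on cleansed fields in place of the probabilistic matcher, and all names and records are assumptions.

```python
import hashlib
import hmac
import secrets
import unicodedata
from collections import Counter

MIN_CELL = 3  # assumed threshold for the demo; the page states no number


def normalize(name: str, dob: str) -> bytes:
    """Cleanse fields so the same person yields the same bytes at every agency."""
    folded = unicodedata.normalize("NFKD", name)
    letters = "".join(c for c in folded if c.isalnum()).upper()
    return f"{letters}|{dob.strip()}".encode()


def match_token(shared_key: bytes, name: str, dob: str) -> str:
    """Agency side: one-way keyed hash. Name and DOB are low-entropy, so a
    secret key is assumed; a bare hash could be rebuilt by hashing guesses."""
    return hmac.new(shared_key, normalize(name, dob), hashlib.sha256).hexdigest()


def merge_for_request(a: dict, b: dict) -> list:
    """Hub side: join two token-keyed extracts, then replace each token with
    an identifier derived from a key that exists only for this request."""
    request_key = secrets.token_bytes(32)  # never stored, so requests cannot be linked
    rows = []
    for token in a.keys() & b.keys():
        rid = hmac.new(request_key, token.encode(), hashlib.sha256).hexdigest()[:16]
        rows.append({"id": rid, **a[token], **b[token]})
    return rows


def suppress_small_cells(rows: list, field: str, min_cell: int = MIN_CELL) -> list:
    """Drop groups too small to release without a process-of-elimination risk."""
    counts = Counter(r[field] for r in rows)
    return [r for r in rows if counts[r[field]] >= min_cell]


# Constructed sample extracts (no real people); the second spells fields differently.
KEY = b"constructed-demo-key"
PEOPLE = [("José Díaz", "2001-04-09"), ("Ann O'Neil", "2000-11-30"),
          ("Li Wei", "2001-01-15"), ("Sam Roe", "1999-07-02")]
EDUCATION = {match_token(KEY, n, d): {"degree": deg}
             for (n, d), deg in zip(PEOPLE, ["BS", "BS", "BS", "PhD"])}
WORKFORCE = {match_token(KEY, n.upper().replace("'", ""), d + " "): {"employed": True}
             for n, d in PEOPLE}
```

Calling `merge_for_request(EDUCATION, WORKFORCE)` twice returns the same four merged records under two unrelated sets of identifiers, and `suppress_small_cells(rows, "degree")` withholds the single PhD record.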
Myth 1: NPWR is part of the Common Core State Standards Initiative.
Fact: NPWR is a program of the Nevada state government agencies and is not related to any Common Core initiatives.
Myth 2: NPWR is part of a system to provide personally identifiable data to the Federal Government.
Fact: NPWR does not collect data. NPWR does not provide student-level data to the US Department of Education (USED) or any other federal agency. Nevada is not participating in any project to create a national or multi-site database of personally identifiable student information. NPWR is a tool that will help Nevadans make data-driven decisions and improve Nevada's workforce.
Myth 3: NPWR collects highly private information like religious affiliation, political affiliation, voting records, and medical/psychological information.
Fact: NPWR does not collect or warehouse data at all, personal or otherwise. NPWR participating agencies do not collect data on the religious affiliation, political affiliation, or voting records of its citizens. No personally identifiable information is ever stored on NPWR or released to researchers.