How NPWR is Built to Keep This Pledge

NPWR is designed to balance privacy with the ability to discover insights about Nevada's education, higher education, and workforce policies, initiatives, and programs. NPWR is built on a foundation of multi-layered security. Every aspect of the NPWR system is designed to ensure the complete anonymity of all Nevadans and the privacy and security of all data within the system.

The key organizational elements that ensure privacy include:

• NPWR does NOT collect data from citizens

  It is a system that was developed among its participating agencies to allow the merging of data in a highly controlled environment using technology that strips "exposure data" (information that identifies an individual) before merged information is released to researchers.

• NPWR is a "hybrid federated" model for longitudinal data

  Rather than build an entirely new "data warehouse" to collect and store data, which would have required the duplication of private data (and redundant infrastructure to support and protect that data), Nevada chose to implement a system that leaves its data where it has always been, secure within the participating agencies' databases.

• One cannot simply walk up (login) to NPWR to initiate a data merge

  Data merges are initiated by vetted researchers who first have completed an application process and whose research questions have been reviewed and validated. Then they are assigned a committee of agency "sponsors" who guide and oversee the process – all in the name of accuracy AND privacy. Each step along the way, from access request to publication of results, must be approved by the sponsoring agency.

• The NPWR Book of Data Governance requires regular meetings, testing, and assessments of NPWR to include ensuring privacy

NPWR's Security

Participating Agencies control data they elect to share with the NPWR system. NPWR will pull linked data encrypted in transit and then produce record level data sets encrypted at rest that are de-identified using random identifiers. All data is stored and secured in accordance with industry best practices, the data owner requirements (such as the Family Educational Rights and Privacy Act (FERPA)), and guidelines set forth by National Institute of Standards and Technology (NIST) 800.

Publications in NIST’s Special Publication (SP) 800 series present information of interest to the cybersecurity community. The series comprises guidelines, recommendations, technical specifications, and annual reports of NIST’s cybersecurity activities. SP 800 publications are developed to address and support the security and privacy needs of U.S. Federal Government information and information systems. NIST develops SP 800-series publications in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283.