Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.
| 18 Jul 2026 | |
| Data Policy |
The Data Foundation takes no position on whether DAO 216-26 should stand. Our role is to clarify the policy-versus-statistics distinction that this debate turns on, to help the community understand what the order does and does not mean, and to convene the agencies, data users, and methodologists around the facts —including hosting a neutral venue for stakeholders to be heard and helping to frame the product-by-product impact assessment the debate needs. We hold the shared goal that unites every serious party to this discussion: the maximum of accurate, usable public data, with the confidentiality of respondents genuinely protected.
An emerging debate since the publication of the order has quickly sorted into camps. Some hear an attack on sound statistical science; others hear a welcome return to numbers the public can readily trust. Reactions have been strong and have come from several directions. Many data-user and statistical-professional organizations have raised concerns, some emphasizing the risk that leaning on suppression and coarsening will mean less usable public data, especially for small areas and small population groups; others focused on the change process, noting that a change of this scope was issued without a public comment period.
Behind any published statistic that draws on confidential data sit at least two very different kinds of choices.
The first kind of choice is about values, and no formula can answer value-laden questions. The questions are judgments about competing public goods, and reasonable people across a democratic society will weigh them differently. These are POLICY DECISIONS, and they include setting the top-line budget for producing timely, trusted data is itself a policy choice about priorities, one that determines what is even possible on the technical side, how much data can be collected, what can be safely and responsibly protected, and what mechanisms for access and openness will be made available.
The second kind is about technique. These questions have more technically right-or-wrong answers, and answering them well takes specialized training. They are squarely STATISTICAL DECISIONS.
The healthiest arrangement is simple to state and surprisingly easy to lose sight of: accountable policymakers make the policy decisions (which we hope are done openly, and informed by the evidence) and statistical professionals make the statistical decisions.
Policy Questions
Statistical Questions
Determining the level of acceptable risk of reidentification is a choice about how much accuracy the public should trade for how much protection. This is a value judgment with real consequences for societal activities like redistricting, funding, research, and trust. Designing the machinery that hits a chosen setting with the least possible loss of usefulness is a statistical question, and an incredibly hard one. The profession itself has put it this way: the American Statistical Association has described the size of that privacy "budget" as "both a policy and social question," one for accountable stakeholders to decide, with statisticians informing the tradeoffs.
Every setting in this privacy dial is a different bargain between accuracy and confidentiality.
This confusion between policy decisions and technical decisions is not new. Disclosure avoidance is genuinely technical and required by law, so its policy content is easy to tuck inside mathematics and computer science. The people most fluent in the valid, reliable methods that are operationally available are statisticians, so the value-laden choices can drift, by default, to the technical experts who happen to be in the room—not because they seek that authority, but because no one else recognizes the choice as theirs to make, especially policy officials who may be less steeped in complex technical details.
The costs of getting it wrong run in both directions. When policy choices masquerade as technical ones, the public is quietly shut out of decisions that are really about values, and trust erodes when people later realize a consequential judgment was made without them. When genuinely technical questions are settled by non-specialists or by blanket rules, the result can be poor execution: data that is suppressed when it need not be, or confidentiality that is not actually protected. Clear lines between policy and technical decisions produce better accountability, better methods, and more durable public trust regardless of the substantive path that is chosen. The discipline runs in both directions. Just as a policy choice can hide inside technical work, a policy ambition can outrun what a method can actually deliver at scale. A sound choice, in either direction, must be guided by honest evidence about what the technology can and cannot do. Policy sets the direction; the methods determine what is actually achievable.
Seen through this lens, the new Commerce Department order about data protections comes into focus. The order's central move is to steer away from noise infusion and toward grouping, rounding, and withholding. The order’s text offers both a methodological directive and a policy choice about acceptable risk, presenting a decision between balancing accuracy and confidentiality. That is a legitimate kind of decision for accountable policymakers to make. Framing the order as simply "anti-statistics" misunderstands the action; but so too does treating a value judgment as if it were a settled technical finding.
There is a fair question at the edge of this debate: the same law that assigns the agencies their core responsibilities also tasks the agencies themselves with determining the appropriate methods to carry them out, so exactly where a policy choice about acceptable risk ends and a specific method determination begins is genuinely ambiguous. Understood precisely, a choice like this order is best read as a policy determination about how much accuracy and reliability published figures must have — a value judgment about how much alteration of published values is acceptable, which accountable officials may legitimately make — with the treatment of any particular method following from that standard. Whether a given method in fact compromises accuracy is itself partly a technical question on which experts differ; but prioritizing accuracy and weighing it against other goods is a policy call, not a technical finding.
It also helps to be precise about what "accuracy" means in the context of disclosure avoidance. Coarsening and suppression have a real virtue, which the order emphasizes: they do not publish altered values — a coarsened figure is true, just less detailed, and a suppressed figure is simply absent rather than perturbed. But choosing them does not make the underlying tension disappear. The tradeoff between protecting confidentiality and preserving usefulness is a mathematical feature of releasing data about small groups; moving away from noise does not dissolve that tradeoff so much as relocate it — into coarser geographies, fewer published cells, or withheld tables. Recognizing this is not an argument for or against the order. It is simply what lets everyone weigh the same choice honestly.
What remains squarely statistical is everything about carrying the choice out: how the agencies implement the permitted approaches; how they assess, product by product, what grouping and withholding can and cannot protect; how they measure the confidentiality risk that remains; and how they communicate the resulting uncertainty, so that a user in a small town or a small population group understands what the numbers can and cannot bear. The order also adds an implementation step that is not, strictly, a statistical one. Before any Census Bureau or BEA product is released, it must pass an individualized legal review conducted by the agency director together with the Office of the General Counsel, against the specific confidentiality statute that governs it. Much of the order's real-world effect will be decided here. How much this matters will turn on details still to be set in the implementation guidance, above all whether a product is cleared once or re-reviewed with each release.
The data and privacy communities can pursue productive questions such as:
Those questions are answerable, and they point toward cooperation rather than conflict.
The bipartisan U.S. Commission on Evidence-Based Policymaking, the Foundations for Evidence-Based Policymaking Act, the Public Trust Regulation that reinforces Statistical Policy Directive No. 1, the scientific-integrity commitments of recent administrations of both parties, and, most recently, the statistical profession's own 2026 roadmap for modernizing the federal statistical system all converge on the same picture:
A decision reached this way can command confidence regardless of which methods it favors. A decision reached opaquely, or with the policy and technical roles confused, invites mistrust even when the underlying choice is sound.
This is also why process matters as much as substance. When a change to how statistics protect confidentiality carries broad, rulemaking-scale consequences, the good-practice instincts above point toward an open comment process and a published, product-by-product assessment of how the change affects both data usefulness and disclosure risk, so that accountable officials, the expert agencies, and the data users who depend on these products can all see the tradeoffs before they are locked in. None of that dictates which methods should win. It is simply how a consequential choice earns trust, whatever it decides.
Congress, in fact, already sketched a more systematic way to make these calls. The Evidence Act directs OMB to issue standards for categorizing how sensitive each data product is and how accessible it can safely be, with public risk assessments behind release decisions (44 U.S.C. § 3582). That rule has not yet been issued, so for now these judgments are being made without the transparent, risk-based framework the law envisioned, which is part of why so much weight now falls on method choice and case-by-case legal review.
The argument over how federal statistics protect confidentiality will be far more productive once we stop treating it as a single question; there are clearly two dimensions. One is about values and belongs, transparently, to accountable policymakers informed by expertise. The other is about technique and belongs to the statisticians.
The Data Foundation works at exactly this seam between data policy and statistical practice, and has since its founding. Our interest is that the choice is recognized for what it is, made in the open, informed by the best evidence, and carried out by the professionals best equipped to implement.
About the Data Foundation
The Data Foundation is a Washington, DC-based, non-profit, non-partisan organization. We are a trusted authority on the use of open, accessible data to fuel a more efficient, effective, and accountable government; spark innovation; and provide insights to the countryʼs most pressing challenges. We conduct research, facilitate collaborative thought leadership, and promote advocacy programs that advance practical policies for the creation and use of accessible, trustworthy data and evidence. For more than a decade, the Data Foundation has been bringing attention to key issues facing the data community. We bring together non-traditional partners and stakeholders to devise practical solutions, which culminate in new policies and approaches for innovating and using data and evidence. The impacts from our work have been tremendous, culminating in enactment of milestone legislation, stronger communities for implementing transparency and data initiatives, and demonstrations of new strategies for innovating with government data. DataFoundation.org