Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.
| 1 Jan 2024 | |
| Evidence Act Hub |
Executive Summary
Current privacy regulations struggle to balance protecting confidentiality with enabling data use for social benefits, lacking frameworks to govern evolving risks. Laws like the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA), while establishing baseline confidentiality protections, can be insufficiently flexible in balancing risks against potential social benefits of responsible data sharing. Originally developed decades ago under a compliance regime not focused on evolving privacy risks, these laws lacked farsighted conceptual frameworks to assess and calibrate controls that could achieve necessary thresholds of data safety while enabling responsible data sharing. The passage of the Foundations for Evidence-Based Policymaking Act (Evidence Act) introduced new authorities for secure data access and sharing for statistical activities, including a presumption of accessibility. To fully realize the promise of expanded data use under the Evidence Act, a conceptual privacy framework must find a way to account for the complex realities of the modern data ecosystem and evolving privacy challenges. The Five Safes model offers a framework for calibrated controls across people, projects, settings, data, and outputs to expand access for social benefits where appropriate through transparent decisions. Data-as-a-service (DaaS) systems can retain control while increasing access under oversight. Aligned policies can embed the Five Safes into auditable protocols, honoring baseline regulations and laws like HIPAA, while responsibly implementing the vision of the Evidence Act.
