The following guidelines must be followed by all Bureau of Labor Statistics (BLS) program offices and BLS employees to ensure the integrity of information maintained and disseminated by the BLS.
Office of Management and Budget (OMB) information quality guidelines define “Integrity” as the security of information—protection of the information from unauthorized access or revision, to ensure that the information is not compromised through corruption or falsification.
Confidential nature of BLS information
All confidential information maintained by BLS shall be treated in a manner that ensures the information will be used appropriately and will be accessible only to authorized individuals with a need to know. There are two categories of confidential information involved in carrying out BLS work: respondent identifiable information (RII) and prerelease information.
RII are respondent data collected or maintained by, or under the auspices of, the BLS under a pledge of confidentiality. RII must be used only for statistical purposes and accessible only to authorized persons.
Prerelease information, including economic series data and analysis prepared for release to the public, must not be disclosed or used in an unauthorized manner before it has been released, and is accessible only to authorized persons.
Authorized persons include BLS employees who have taken and subscribed the oath of office upon entering on duty and who are responsible for collecting, processing, or using the confidential information in furtherance of statistical purposes or for the other stated purposes for which the information was collected. Authorized persons are authorized access to only the information that is integral to the program on which they work, and only to the extent required to perform their duties.
When non-BLS employees are granted access to confidential BLS information, they must be notified of their responsibility for taking specific actions to protect the information from unauthorized disclosure. The vehicle for providing this notification is the written contract or other agreement that authorizes them to receive access to the information. Accordingly, if a commercial contract, cooperative agreement, letter of agreement, memorandum of understanding, or other agreement provides a non-BLS employee access to BLS confidential information, it must contain appropriate provisions to safeguard the information from unauthorized disclosure. The authorization document will state the purpose for which the data will be used and that all persons with access to the data will follow the BLS confidentiality policy, including signing either an agent agreement or nondisclosure agreement where appropriate. These provisions are required whether the information is accessed on or off BLS premises.
The integrity of the BLS data collection process requires that all survey information be sound and complete. Data must be obtained from the appropriate company official or respondent, and the data entries must accurately report the data and responses they provided. The administrative aspects of the data collection process, such as work time reported and travel voucher entries, must be factually reported. Therefore, employees must not deliberately misrepresent the source of the data, the method of data collection, the data received from respondents, or entries on administrative reporting forms.
Additionally, the BLS has strong internal policies and procedures to protect the handling of RII, including the transmission of data to or from respondents.
Procedures for safeguarding confidential information
Program office managers are responsible for implementing procedural and physical safeguards to protect confidential information from disclosure or misuse within their offices, including:
- Preparing written procedures for the identification, labeling, handling, and disposal of confidential information. Ensuring that all employees within their organizations are familiar with and understand these procedures.
- Ensuring that new employees are informed about the different types of confidential information maintained in their work areas and the special precautions that are to be taken with their use, storage, and disposal.
- Developing data collection instruments and collection methodology in conformance with OMB guidelines on confidentiality.
All BLS employees and agents are responsible for abiding by Federal statutes regarding the protection of RII, including the Confidential Information Protection and Statistical Efficiency Act, the Trade Secrets Act, and the Wagner-Peyser Act. All BLS employees are responsible for following the rules of conduct in the handling of personal information contained in the records covered under the Privacy Act of 1974, which are in the custody of the BLS.
Dissemination of news and data releases
Public information documents require advance clearance through the Associate Commissioner for Publications, who is responsible for seeing that each publication meets BLS publication standards and also the standards set by the Department of Labor, the Congressional Joint Committee on Printing, and OMB. BLS offices also are required to consult the Associate Commissioner for Publications before instituting an automated process to disseminate news releases or other products to the public.
No advance release of prerelease information shall be made unless directed by the Commissioner of Labor Statistics under the discretion granted under OMB Statistical Directives Numbers 3 and 4. BLS organizations shall strictly follow the Commissioner's specifications in making an advance release.
The BLS secures all data by ensuring that the systems which house the data are secured in accordance with all federal, departmental, and agency requirements:
- In accordance with the Federal Information Security Management Act (FISMA) of 2002, BLS information systems employ security controls for safe storage and transmission of electronic information. FISMA mandates that security controls, as promulgated in guidance from the National Institute of Standards and Technology (NIST), must be employed at all federal agencies to be in compliance with NIST’s Federal Information Processing Standards (FIPS).
- BLS information and data security policies are based on standards outlined in FIPS 200, “Minimum Security Requirements for Federal Information and Information Systems” and the accompanying Special Publication 800-53, “Recommended Security Controls for Federal Information Systems.” In complying with these regulations, BLS conducts operations cognizant of the extent of harm to individuals, organizations, and assets that may result from unauthorized disclosure, use of protected information, or access to BLS resources.
- BLS maintains procedures for detecting, reporting, and responding to data and network security incidents. These procedures are periodically tested and evaluated to ensure appropriate protection of sensitive information.
- BLS regularly audits and monitors all security controls.
- BLS systems are assessed and authorized using Department of Labor and NIST guidelines. BLS assigns responsibility and provides appropriate training to all BLS employees and contractor personnel regarding safeguarding information.
- In accordance with the Cybersecurity Act of 2015, the BLS systems are protected from malicious activities through cybersecurity screening of transmitted data.
Last Modified Date: December 6, 2016