Changes for page Guidelines for Confidentiality and Embargo in SDMX
Last modified by Artur K. on 2026/05/29 14:28
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -19,25 +19,18 @@ 19 19 20 20 This paper presents use case scenarios related to confidentiality and embargo in SDMX data exchanges, and provides recommendations on how to represent these elements in the SDMX model. The aim is to provide a consistent and practical way to represent these aspects in SDMX artefacts in order to promote cross-domain consistency, and harmonise methodology and processes. 21 21 22 - 23 23 Confidentiality aims at protecting data from unauthorised disclosure that could be prejudicial or harmful to the interest of the source or other relevant parties. 24 24 25 - 26 26 Embargo means that data may become public only after expiry of a pre-defined date and time. 27 27 28 - 29 29 Embargo establishes a relationship between a set of data (e.g. an observation), a date/time and a group of privileged data recipients. 30 30 31 - 32 32 Disclosure of data marked as confidential or under embargo is not permitted. Procedures should be in place to prevent such disclosure, including rules for staff, aggregation rules when disseminating data, provision of unit records, etc. 33 33 34 - 35 35 There needs to be a formal agreement between organisations involved in the exchange of confidential data in order to prepare systems and workflows. 36 36 37 - 38 38 Data exchange partners are advised to agree up front on the usage of the embargo mechanism(s) for specific data messages. 39 39 40 - 41 41 The embargo CONF_STATUS value “E” is not recommended for final dissemination to users but only for data exchange. 42 42 43 43 = Use Cases = ... ... @@ -48,7 +48,6 @@ 48 48 49 49 Data is available to the public immediately, meaning that data is not confidential and there is no embargo. 50 50 51 - 52 52 The data’s CONF_STATUS attribute should be set to “Free (free for publication)”. 53 53 54 54 |((( ... ... @@ -63,7 +63,6 @@ 63 63 64 64 One or more observations in the data message are confidential. Embargo does not play a role in this scenario. Depending on arrangements between data exchange partners, this data can be made available to privileged data users. 65 65 66 - 67 67 The observation’s CONF_STATUS attribute should use a specific code denoting the confidential character of the information. Below are some examples of such confidentiality statuses[[~[1~]>>path:#_ftn1]]: 68 68 69 69 * **N**: Not for publication, restricted for internal use only. Used to denote observations that are restricted for internal use only within organisations ... ... @@ -71,20 +71,17 @@ 71 71 * **D**: Secondary confidentiality set by the sender, not for publication 72 72 * **A**: Primary confidentiality due to small counts 73 73 74 - 75 - 76 76 === Forwarding confidential data to secondary recipients === 77 77 78 78 A sender sends confidential data to certain primary recipients, and allows those to forward the confidential data to a restricted and pre-defined set of secondary recipients. 79 79 80 - 81 81 The observation’s CONF_STATUS attribute should be marked as “Not for publication, restricted for internal use only”. An additional observation-level attribute: CONF_REDIST, defines the secondary recipient(s) to whom the sender allows the primary recipient to forward confidential data[[~[2~]>>path:#_ftn2]]. See section **Use of the CONF_REDIST attribute** for the appropriate coding of this attribute. 82 82 83 - 84 84 The forwarding of confidential data is represented as follows in SDMX: 85 85 86 86 |((( 87 -=== SDMX representation === 74 +(% class="wikigeneratedid" id="HSDMXrepresentation-1" %) 75 +SDMX representation 88 88 89 89 * **CONF_STATUS**: N; 90 90 * **CONF_REDIST **(Observation, Conditional): [Organisation(s)]; ... ... @@ -99,14 +99,13 @@ 99 99 * Allowing privileged access to embargoed data 100 100 * Enabling the frontloading of data into systems 101 101 102 - 103 - 104 104 **//Allowing privileged access to embargoed data//** 105 105 106 106 If the goal is to allow the data recipient to have privileged access to embargoed observations in a data message (message), the embargoed observation’s CONF_STATUS attribute should be coded as “E: Not for publication until the embargo time expires; free for publication after the embargo time expires.” with an observation level attribute EMBARGO_TIME (date/time/time zone). 107 107 108 108 |((( 109 -=== SDMX representation === 95 +(% class="wikigeneratedid" id="HSDMXrepresentation-2" %) 96 +SDMX representation 110 110 111 111 * **CONF_STATUS**: E; 112 112 * **EMBARGO**_**TIME** (Observation, Conditional): [timestamp]