Changes for page Guidelines for Confidentiality and Embargo in SDMX
Last modified by Artur K. on 2026/05/29 14:28
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -19,18 +19,25 @@ 19 19 20 20 This paper presents use case scenarios related to confidentiality and embargo in SDMX data exchanges, and provides recommendations on how to represent these elements in the SDMX model. The aim is to provide a consistent and practical way to represent these aspects in SDMX artefacts in order to promote cross-domain consistency, and harmonise methodology and processes. 21 21 22 + 22 22 Confidentiality aims at protecting data from unauthorised disclosure that could be prejudicial or harmful to the interest of the source or other relevant parties. 23 23 25 + 24 24 Embargo means that data may become public only after expiry of a pre-defined date and time. 25 25 28 + 26 26 Embargo establishes a relationship between a set of data (e.g. an observation), a date/time and a group of privileged data recipients. 27 27 31 + 28 28 Disclosure of data marked as confidential or under embargo is not permitted. Procedures should be in place to prevent such disclosure, including rules for staff, aggregation rules when disseminating data, provision of unit records, etc. 29 29 34 + 30 30 There needs to be a formal agreement between organisations involved in the exchange of confidential data in order to prepare systems and workflows. 31 31 37 + 32 32 Data exchange partners are advised to agree up front on the usage of the embargo mechanism(s) for specific data messages. 33 33 40 + 34 34 The embargo CONF_STATUS value “E” is not recommended for final dissemination to users but only for data exchange. 35 35 36 36 = Use Cases = ... ... @@ -41,6 +41,7 @@ 41 41 42 42 Data is available to the public immediately, meaning that data is not confidential and there is no embargo. 43 43 51 + 44 44 The data’s CONF_STATUS attribute should be set to “Free (free for publication)”. 45 45 46 46 |((( ... ... @@ -55,6 +55,7 @@ 55 55 56 56 One or more observations in the data message are confidential. Embargo does not play a role in this scenario. Depending on arrangements between data exchange partners, this data can be made available to privileged data users. 57 57 66 + 58 58 The observation’s CONF_STATUS attribute should use a specific code denoting the confidential character of the information. Below are some examples of such confidentiality statuses[[~[1~]>>path:#_ftn1]]: 59 59 60 60 * **N**: Not for publication, restricted for internal use only. Used to denote observations that are restricted for internal use only within organisations ... ... @@ -62,17 +62,20 @@ 62 62 * **D**: Secondary confidentiality set by the sender, not for publication 63 63 * **A**: Primary confidentiality due to small counts 64 64 74 + 75 + 65 65 === Forwarding confidential data to secondary recipients === 66 66 67 67 A sender sends confidential data to certain primary recipients, and allows those to forward the confidential data to a restricted and pre-defined set of secondary recipients. 68 68 80 + 69 69 The observation’s CONF_STATUS attribute should be marked as “Not for publication, restricted for internal use only”. An additional observation-level attribute: CONF_REDIST, defines the secondary recipient(s) to whom the sender allows the primary recipient to forward confidential data[[~[2~]>>path:#_ftn2]]. See section **Use of the CONF_REDIST attribute** for the appropriate coding of this attribute. 70 70 83 + 71 71 The forwarding of confidential data is represented as follows in SDMX: 72 72 73 73 |((( 74 -(% class="wikigeneratedid" id="HSDMXrepresentation-1" %) 75 -SDMX representation 87 +=== SDMX representation === 76 76 77 77 * **CONF_STATUS**: N; 78 78 * **CONF_REDIST **(Observation, Conditional): [Organisation(s)]; ... ... @@ -87,13 +87,14 @@ 87 87 * Allowing privileged access to embargoed data 88 88 * Enabling the frontloading of data into systems 89 89 102 + 103 + 90 90 **//Allowing privileged access to embargoed data//** 91 91 92 92 If the goal is to allow the data recipient to have privileged access to embargoed observations in a data message (message), the embargoed observation’s CONF_STATUS attribute should be coded as “E: Not for publication until the embargo time expires; free for publication after the embargo time expires.” with an observation level attribute EMBARGO_TIME (date/time/time zone). 93 93 94 94 |((( 95 -(% class="wikigeneratedid" id="HSDMXrepresentation-2" %) 96 -SDMX representation 109 +=== SDMX representation === 97 97 98 98 * **CONF_STATUS**: E; 99 99 * **EMBARGO**_**TIME** (Observation, Conditional): [timestamp]