Privacy Policy

All the information collected in this voluntary survey is confidential by law (P.L. 107-347, Title V and 44 U.S.C. § 3501 note). It may be seen only by persons certified to uphold the confidentiality of information, and used only for statistical purposes from which no company can be identified. For example, in reporting the results data will be aggregated in such a way that individual companies cannot be identified. The law also prohibits the sharing of your data with other agencies, exempts the information you provide from requests made under the Freedom of Information Act (FOIA), and ensures that your responses are immune from legal process.

The Freedom of Information Act (FOIA) protects from disclosure any confidential "trade secrets and commercial or financial" information provided to the Federal government by a corporation. This means that information voluntarily provided by companies about their security practices and experience with computer security incidents as part of the survey is not subject to subpoena under the FOIA.

Moreover, only select project staff at RAND will know the identity of participating companies. And, as a private, non-governmental organization, RAND is not subject to the FOIA. The experience of RAND in conducting surveys is noteworthy. Despite multiple legal efforts over the years to compel RAND to disclose confidential survey information, no such effort or court subpoena has ever succeeded. RAND has never been compelled to release such information in all of its 58 year history.

For this project, RAND has submitted a "Privacy Certificate" that complies with 28 CFR 22.23. As with all surveys RAND conducts, your organization’s identity will be kept confidential. Again, only select project staff at RAND will know the identity of businesses participating in the study. Neither the U.S. Department of Justice nor the U.S. Department of Homeland Security will have access to company identities. And, again, no data about your company will be shared with other agencies or businesses.

To address further questions or concerns regarding the NCSS Privacy Policy, please contact RAND at ncss@rand.org, or toll-free at 1-800-734-5399, Monday through Friday, 8:00 a.m. to 5:00 p.m. Pacific Time.


NCSS Home Frequently Asked Questions NCSS Supporters Contact Information About the Sponsors	Privacy Policy All the information collected in this voluntary survey is confidential by law (P.L. 107-347, Title V and 44 U.S.C. § 3501 note). It may be seen only by persons certified to uphold the confidentiality of information, and used only for statistical purposes from which no company can be identified. For example, in reporting the results data will be aggregated in such a way that individual companies cannot be identified. The law also prohibits the sharing of your data with other agencies, exempts the information you provide from requests made under the Freedom of Information Act (FOIA), and ensures that your responses are immune from legal process. The Freedom of Information Act (FOIA) protects from disclosure any confidential "trade secrets and commercial or financial" information provided to the Federal government by a corporation. This means that information voluntarily provided by companies about their security practices and experience with computer security incidents as part of the survey is not subject to subpoena under the FOIA. Moreover, only select project staff at RAND will know the identity of participating companies. And, as a private, non-governmental organization, RAND is not subject to the FOIA. The experience of RAND in conducting surveys is noteworthy. Despite multiple legal efforts over the years to compel RAND to disclose confidential survey information, no such effort or court subpoena has ever succeeded. RAND has never been compelled to release such information in all of its 58 year history. For this project, RAND has submitted a "Privacy Certificate" that complies with 28 CFR 22.23. As with all surveys RAND conducts, your organization’s identity will be kept confidential. Again, only select project staff at RAND will know the identity of businesses participating in the study. Neither the U.S. Department of Justice nor the U.S. Department of Homeland Security will have access to company identities. And, again, no data about your company will be shared with other agencies or businesses. To address further questions or concerns regarding the NCSS Privacy Policy, please contact RAND at ncss@rand.org, or toll-free at 1-800-734-5399, Monday through Friday, 8:00 a.m. to 5:00 p.m. Pacific Time.
	NCSS Home \| FAQ \| NCSS Supporters \| Contact Information \| Sponsors RAND® is a registered trademark. Page content is in the public domain. For information on proper citation, please contact RAND's Permissions Manager. Last modified: January 12, 2007 Privacy Policy \| RAND Home