EIA’s CIPSEA confidentiality pledge was modified in December 2016, to be consistent with provisions in the Cybersecurity Enhancement Act of 2015. This Act requires the U.S. Department of Homeland Security (DHS) to provide federal civilian agencies’ information technology systems with cybersecurity protection for their Internet traffic. The technology searches Internet traffic in and out of federal civilian agencies in real time for malware signatures. When such a signature is found, the Internet packets that contain malware signatures are moved to a secured area for further inspection by DHS personnel.

Because it is possible that these packets, entering or leaving a statistical agency’s information technology system, may contain a small portion of confidential statistical data, statistical agencies no longer can promise that survey responses will be seen only by statistical agency personnel or their sworn agents. However, EIA can promise that such monitoring will only be used to protect information systems from cybersecurity risks, thereby, in effect, providing stronger protection to the integrity of the respondents’ data submissions.