Also, please download and read the "Restricted-Use Data Procedures Manual" prior to applying for a License.

Legal liability rests with those persons who signed the License documents. The Senior Official (SO) signs the License and Security Plan thereby binding the institution to the License terms and security requirements. The Principle Project Officer (PPO), System Security Officer (SSO), and all authorized data users have the responsibility under law to protect the data and make sure that all security procedures are in place and operating. Each person who has access to the data must:

1. Read and understand the requirements of the License and Security Plan,
2. Have a signed and notarized Affidavit of Nondisclosure on file with IES,
3. Read and understand the information in the "Restricted-Use Data Procedures Manual", and
4. Receive IES approval as an authorized data user.

If your institution becomes licensed, we will likely conduct an unannounced site inspection to ensure that all security procedures are in place and operating correctly.

Students may not apply directly for a restricted-use data License nor can they serve as the Principle Project Officer (PPO), Senior Official (SO), or System Security Officer (SSO). Your faculty advisor will have to sponsor and apply for you. You would become an authorized user on your sponsor’s License. You also need to find a Senior Official (SO) who has the legal authority to sign a contract on behalf of your university, and have him/her sign the documents.

Your advisor can apply for the License. For more information, please download and read the "Restricted-Use Data Procedures Manual".

If the PPO is willing to take responsibility for you and for the protection of the data, then the PPO would need to submit an amendment to add you to their License as an authorized user. The add-user amendment process requires you to complete, sign and have notarized an Affidavit of Nondisclosure. The Licensee submits it to IES.

If you need additional data for your research that the PPO does not currently possess, he/she can submit an add-data amendment request after you have been approved as an authorized user.

Note: as an authorized user you are subject to all of the terms of the existing License. In particular, you may only use the data at this Licensee's secure project office. You may not use the data at home or any other location.

Students cannot apply for a License. Your professor must submit the application for a License. The timing of an application’s approval is a function of following all of the application instructions carefully and how quickly your professor sends in the requisite signed and notarized paperwork.

IES restricted-use data are governed by U.S. law which is not enforceable outside the United States. Hence, we cannot license researchers to use these data outside the 50 states.

We cannot license persons who are outside the United States. It would be a violation of the terms of the License if the Licensee/PPO at the U.S. research center shared the data with you to use at your institution. However, you may be added to your U.S. colleague’s License as an authorized user in order for you to access the data at your colleague’s licensed site in the United States

No. Restricted-use data are only available to persons/institutions in the United States.

The SO has to be a person who has the legal authority to sign a contract (License) on behalf of your university with the Federal government. You will need to check with your sponsored projects office, office of grants and contracts or general counsel’s office to find who this would be at your institution. This person may have to send an email to IESData.Security@ed.gov to confirm their authority to sign as the SO.

Sometimes the Principle Project Officer (PPO) can serve as the SSO – but usually this happens at small universities who have limited staff. In other cases, the department IT coordinator or other IT staff who are responsible for IT security should serve as the SSO. SSO must be a full-time employee of the institution to be Licensed.

In general, a person with Ph.D. employed by a university with a posting of post-doctoral fellow or higher can be the PPO and SSO. The PPO must have a lockable office at the university where the data will be used and secured. Of course, all other License requirements would apply.

All affidavits must be notarized for a License to be issued. This is required to ensure that the person signing the affidavit is the actual person who is agreeing that they will take legal responsibility for protecting the data and thus can be subject to a felony conviction and/or penalties if there is a data breach.

Yes. The PPO is the person who is assuming responsibility for managing the day-to-day operations associated with the License – protecting the data and managing the research project which uses the subject data. Because the PPO (along with the SSO) is directly responsible for the security of the data, they are required to certify their responsibility to protect the data through a signed, notarized affidavit.

Yes. The SSO signs an Affidavit of Nondisclosure because this person usually has access to the data. Since the SSO ensures that the security procedures are in place to protect the data, they likely will have access to the data. The SSO needs to be a full-time university employee and not a student. The PPO and Senior Official are also legally responsible for the security of the data.

If the SO does not have any access to the data, then the SO does not have to sign an affidavit.

Yes, IES permits up to six (6) users of the data for different topics on one License. Each user must be listed on the License and IES must be in possession of a signed and notarized Affidavit of Nondisclosure for each user. You will also need to briefly describe all known projects for which the data will be used..

Users on the one License must use the data in the same location. For example, if there were four graduate students under one License/PPO, these students could not use the data in four different locations. Spreading the data across four separate locations presents a larger security risk when compared to use in one location. PPOs in this situation must have one lockable office where all authorized users access the data. (Note that only authorized users are allowed in the secure space that houses the restricted use data.)

Multiple databases can be requested in one application, but please only request those databases that are directly related to your research questions/objectives. A research project description must be provided for each database. You would also need to provide specific justification for each database as to why you need access to the restricted-use version and why the publicly available data cannot be used to conduct your analysis.

Each requested database must be listed in the online License application (Formal Request) and on each Affidavit of Nondisclosure.

If you anticipate needing future rounds of the same data, you can specify the existing years and future rounds on the Affidavit of Nondisclosure. This will expedite the processing of a future amendment to add newly-released data to your License.

No. For the License to be fully executed, IES must have the signed originals of all required documents. IES cannot accept copies.

Once IES receives the complete, final set of signed and notarized documents, you should receive the data in about 2 weeks. During this time, your License documents undergo a final review and are then sent to the Commissioner’s Office for review and signature.

Based on IES experience to date with the online License application system, the time it takes from submission of the online application to receipt of the data is variable, with a typical range of 3 to 8 weeks. The completeness of your initial License application documents and your timely response to any IES identified problems with the application are the two major variables that drive the amount of time it takes from application submission to receipt of data.

If the PPO has an affidavit on file for the requested data, the amendment can be approved within 2 business days. The data are usually shipped the following day and arrives in 3 to 5 business days. This process can take slightly longer if the PPO has to mail IES an updated signed and notarized affidavit for the data.

Once IES receives the signed and notarized affidavit for the new user, the amendment is approved in 1 business day.

Once IES receives the completed and signed revised Security Plan form, the amendment is approved in 1 business day. This assume that IES did not identify any problems with the revised Security Plan form.

Most License renewal amendments are approved in about 2 business days. The approval may take slightly longer depending on the outcome of IES’s review of the License file and any additional required paperwork.

The data come on an encrypted CD-ROM and shipped to the PPO via certified U.S. mail with a signature required for receipt.

IES will not send a codebook if the codebook has frequency counts for individual variables. Frequency counts are sensitive information that requires a License. Most IES surveys have questionnaires available online which you may use to familiarize yourself with the data before you receive your restricted-use data.

You can renew your License via the NCES website. To do this, you will need to logon and access your License information. Use your License number and PPO email address to access your License information (or, you may have already received an email with a direct link to your License information). Then, see instructions for submitting amendments for renewing a License, adding staff, or adding data. Please note that each of these three different amendments must be submitted in the online License system as separate actions. A submitted amendment must be approved by IES before another amendment can be submitted.

You will need to apply for a new License.

You will have to close your existing License and send the data back to IES. Once you are at your new university, you can apply for a new License. Keep in mind that your current university will not want to be responsible for your use of data at your new university.

Section 2.7 of the "Restricted-Use Data Procedures Manual" gives some information on the process for closing out your License. See further information about closing a License.

Yes, please notify IESData.Security@ed.gov immediately if you no longer are applying for the License so we can cancel your application.