Skip Navigation
Statistical Standards Program

Licensing Procedures
Frequently Asked Questions

General Questions
Students in need of restricted-use data
Restricted-use data access outside of the United States
Defining the candidates for the Senior Official, Principal Project Officer and Systems Security Officer
Number of users and databases
Getting the data
License extension, renewal, transfer, cancellation

General Questions

How can I get access to restricted-use data?

You can apply for a restricted-use data License.

Also, please download and read the "Restricted-Use Data Procedures Manual" prior to applying for a License.

Is there someone I should contact at my university to see about getting on the university’s License?

We don't License an institution so that all persons at that institution can access restricted-use data. We only License individual researchers at an institution.

Can you tell me which person at my university has a License? I'd like to see if it's possible to be added to an existing License at my organization.

License records maintained by IES include personally identifiable information. Under the Privacy Act, these records constitute a system of records and IES is prohibited from releasing them.

I understand that there are legal responsibilities to protect restricted-use data. Once a License is issued, where does legal liability lie in dealing with restricted-use data?

Legal liability rests with those persons who signed the License documents. The Senior Official (SO) signs the License and Security Plan thereby binding the institution to the License terms and security requirements. The Principle Project Officer (PPO), System Security Officer (SSO), and all authorized data users have the responsibility under law to protect the data and make sure that all security procedures are in place and operating. Each person who has access to the data must:

  1. Read and understand the requirements of the License and Security Plan,
  2. Have a signed and notarized Affidavit of Nondisclosure on file with IES,
  3. Read and understand the information in the "Restricted-Use Data Procedures Manual", and
  4. Receive IES approval as an authorized data user.

If your institution becomes licensed, we will likely conduct an unannounced site inspection to ensure that all security procedures are in place and operating correctly.


Students in need of restricted-use data

I am a doctoral student working on my dissertation. How do I go about applying for a restricted-use data License?

Students may not apply directly for a restricted-use data License nor can they serve as the Principle Project Officer (PPO), Senior Official (SO), or System Security Officer (SSO). Your faculty advisor will have to sponsor and apply for you. You would become an authorized user on your sponsor’s License. You also need to find a Senior Official (SO) who has the legal authority to sign a contract on behalf of your university, and have him/her sign the documents.

Your advisor can apply for the License. For more information, please download and read the "Restricted-Use Data Procedures Manual".

I need to use restricted-use data for my dissertation; may I "append" my own data request to the License of someone else at my university who has access to restricted-use data?

If the PPO is willing to take responsibility for you and for the protection of the data, then the PPO would need to submit an amendment to add you to their License as an authorized user. The add-user amendment process requires you to complete, sign and have notarized an Affidavit of Nondisclosure. The Licensee submits it to IES.

If you need additional data for your research that the PPO does not currently possess, he/she can submit an add-data amendment request after you have been approved as an authorized user.

Note: as an authorized user you are subject to all of the terms of the existing License. In particular, you may only use the data at this Licensee's secure project office. You may not use the data at home or any other location.

I’m a graduate student trying to access restricted-use data for a class project. How can I speed-up the application process?

Students cannot apply for a License. Your professor must submit the application for a License. The timing of an application’s approval is a function of following all of the application instructions carefully and how quickly your professor sends in the requisite signed and notarized paperwork.


Restricted-use data access outside of the United States

I am a professor at a university outside of the United States; how do I get a License for restricted-use data?

IES restricted-use data are governed by U.S. law which is not enforceable outside the United States. Hence, we cannot license researchers to use these data outside the 50 states.

I am at an institution outside of the United States, but am working in cooperation with a colleague at a research center in United States. Would it be possible for me to receive a restricted-use data License?

We cannot license persons who are outside the United States. It would be a violation of the terms of the License if the Licensee/PPO at the U.S. research center shared the data with you to use at your institution. However, you may be added to your U.S. colleague’s License as an authorized user in order for you to access the data at your colleague’s licensed site in the United States

I had access to restricted-use data. However, I am no longer located in the United States. Can I still renew my access to the data?

No. Restricted-use data are only available to persons/institutions in the United States.


Defining the candidates for the Senior Official, Principal Project Officer and Systems Security Officer

Who should I list as the Senior Official (SO) on my restricted-use License application?

The SO has to be a person who has the legal authority to sign a contract (License) on behalf of your university with the Federal government. You will need to check with your sponsored projects office, office of grants and contracts or general counsel’s office to find who this would be at your institution. This person may have to send an email to to confirm their authority to sign as the SO.

Who I should put down as the Systems Security Officer (SSO) for my restricted-use License application?

Sometimes the Principle Project Officer (PPO) can serve as the SSO – but usually this happens at small universities who have limited staff. In other cases, the department IT coordinator or other IT staff who are responsible for IT security should serve as the SSO. SSO must be a full-time employee of the institution to be Licensed.

I am a postdoctoral fellow. As I understand, I can serve as a Principal Project Officer. Can I also serve as the System Security Officer?

In general, a person with Ph.D. employed by a university with a posting of post-doctoral fellow or higher can be the PPO and SSO. The PPO must have a lockable office at the university where the data will be used and secured. Of course, all other License requirements would apply.



I understand that each person who has access to the data has to sign an Affidavit of Nondisclosure. Is it absolutely necessary for the Affidavit to be notarized?

All affidavits must be notarized for a License to be issued. This is required to ensure that the person signing the affidavit is the actual person who is agreeing that they will take legal responsibility for protecting the data and thus can be subject to a felony conviction and/or penalties if there is a data breach.

If the PPO does not need access to the data, is his/her affidavit required?

Yes. The PPO is the person who is assuming responsibility for managing the day-to-day operations associated with the License – protecting the data and managing the research project which uses the subject data. Because the PPO (along with the SSO) is directly responsible for the security of the data, they are required to certify their responsibility to protect the data through a signed, notarized affidavit.

Does the Systems Security Officer (SSO) have to sign an affidavit if they are not using the restricted-use data?

Yes. The SSO signs an Affidavit of Nondisclosure because this person usually has access to the data. Since the SSO ensures that the security procedures are in place to protect the data, they likely will have access to the data. The SSO needs to be a full-time university employee and not a student. The PPO and Senior Official are also legally responsible for the security of the data.

Does the Senior Official (SO) have to sign an affidavit if they are not using the restricted-use data?

If the SO does not have any access to the data, then the SO does not have to sign an affidavit.


Number of users and databases

I have several students who will be using the same restricted-use data for their dissertations; can they each be added to one License?

Yes, IES permits up to six (6) users of the data for different topics on one License. Each user must be listed on the License and IES must be in possession of a signed and notarized Affidavit of Nondisclosure for each user. You will also need to briefly describe all known projects for which the data will be used..

Users on the one License must use the data in the same location. For example, if there were four graduate students under one License/PPO, these students could not use the data in four different locations. Spreading the data across four separate locations presents a larger security risk when compared to use in one location. PPOs in this situation must have one lockable office where all authorized users access the data. (Note that only authorized users are allowed in the secure space that houses the restricted use data.)

My research grant involves the use of several different restricted-use databases. Can I request them all on one License?

Multiple databases can be requested in one application, but please only request those databases that are directly related to your research questions/objectives. A research project description must be provided for each database. You would also need to provide specific justification for each database as to why you need access to the restricted-use version and why the publicly available data cannot be used to conduct your analysis.

Each requested database must be listed in the online License application (Formal Request) and on each Affidavit of Nondisclosure.

I want to get started on my research using the available data, but would like to request the next round of the data that are scheduled to be released later. Do I have to submit a new Affidavit of Nondisclosure when I request the new data?

If you anticipate needing future rounds of the same data, you can specify the existing years and future rounds on the Affidavit of Nondisclosure. This will expedite the processing of a future amendment to add newly-released data to your License.


Getting the data

Can I fax or send a pdf version of the License Document, Affidavits of Nondisclosure, and Security Plan Form?

No. For the License to be fully executed, IES must have the signed originals of all required documents. IES cannot accept copies.

How long will it take for us to get restricted-use data for a new License?

Once IES receives the complete, final set of signed and notarized documents, you should receive the data in about 2 weeks. During this time, your License documents undergo a final review and are then sent to the Commissioner’s Office for review and signature.

Based on IES experience to date with the online License application system, the time it takes from submission of the online application to receipt of the data is variable, with a typical range of 3 to 8 weeks. The completeness of your initial License application documents and your timely response to any IES identified problems with the application are the two major variables that drive the amount of time it takes from application submission to receipt of data.

How long will it take for us to get additional restricted-use data added to an existing License?

If the PPO has an affidavit on file for the requested data, the amendment can be approved within 2 business days. The data are usually shipped the following day and arrives in 3 to 5 business days. This process can take slightly longer if the PPO has to mail IES an updated signed and notarized affidavit for the data.

How long will it take for us to get an authorized user added to an existing License?

Once IES receives the signed and notarized affidavit for the new user, the amendment is approved in 1 business day.

How long will it take to get a revised Security Plan approved for an existing License?

Once IES receives the completed and signed revised Security Plan form, the amendment is approved in 1 business day. This assume that IES did not identify any problems with the revised Security Plan form.

How long will it take to get an existing License renewed?

Most License renewal amendments are approved in about 2 business days. The approval may take slightly longer depending on the outcome of IES’s review of the License file and any additional required paperwork.

How is the restricted data packaged and shipped once a License application is approved?

The data come on an encrypted CD-ROM and shipped to the PPO via certified U.S. mail with a signature required for receipt.

Can IES e-mail me the codebook for a particular survey while my application is being processed?

IES will not send a codebook if the codebook has frequency counts for individual variables. Frequency counts are sensitive information that requires a License. Most IES surveys have questionnaires available online which you may use to familiarize yourself with the data before you receive your restricted-use data.


License extension, renewal, transfer, cancellation

We would like to renew our License for our existing restricted-use data, as well as obtain restricted-use data for the recent waves of the same survey. We would also like to add new users for these data. How should we go about doing this?

You can renew your License via the NCES website. To do this, you will need to logon and access your License information. Use your License number and PPO email address to access your License information (or, you may have already received an email with a direct link to your License information). Then, see instructions for submitting amendments for renewing a License, adding staff, or adding data. Please note that each of these three different amendments must be submitted in the online License system as separate actions. A submitted amendment must be approved by IES before another amendment can be submitted.

I closed my restricted-use data License, but now I am starting another project that requires the use of the same restricted-use data. Is it possible for me to reopen my License and receive the restricted-use CD-ROM, or do I need to start the process all over again?

You will need to apply for a new License.

I have a License for restricted-use data. I am moving to a new university in the near future. Is there a way to transfer my License there, or do I need to close this one and apply for a new one?

You will have to close your existing License and send the data back to IES. Once you are at your new university, you can apply for a new License. Keep in mind that your current university will not want to be responsible for your use of data at your new university.

Section 2.7 of the "Restricted-Use Data Procedures Manual" gives some information on the process for closing out your License. See further information about closing a License.

I started to apply for a restricted-use data License, but my plans changed. Do I need to notify you to cancel my License application?

Yes, please notify immediately if you no longer are applying for the License so we can cancel your application.