Daily Operations

The Principal Project Officer (PPO) and the System Security Officer (SSO) are responsible for ensuring that access to the restricted-use data is limited to authorized users and that these users only use and access the data in the secure project office that is listed on the Security Plan form. In addition, the original version of the restricted-use data shall be set to read-only. The original version of the restricted data should not to be modified or changed. Only extrapolations and reading of the data are permitted.

The PPO shall retain the original version of the subject data and all copies or extracts of the data at the secure project office listed on the Security Plan form and shall make no copy or extract of the subject data available to a non-Licensed person.

The PPO shall not permit removal of any subject data from the secure project office without first getting approval from IES via the amendment process. The data must not be used at a home or provided to a sub-contractor for off-site use. The data must not be used or saved on a laptop computer, network server, external hard drive, or USB/memory stick.

The PPO will ensure that all draft documents containing restricted-use data are sent to IES for a disclosure review prior to disseminating them to non-Licensed persons. All users on the License are responsible for following the IES policy on submitting research publications for IES review.

Maintaining the License File

The Principal Project Officer (PPO) is accountable for having all pertinent License information in a License File. The PPO maintains the License file at the same location where the restricted-use data are secured. This file must contain the following:

1. A copy of the License,
2. A copy of the Formal Request,
3. Copies of the Privacy Act of 1974, as amended (5 U.S.C. 552a); Section 183 of the Education Sciences Reform Act of 2002 (P.L. 107-279); and Title V, subtitle A of the E-Government Act of 2002 (P.L. 107-347),
4. A copy of the Security Plan form,
5. All License amendment request documents/emails and License amendment approval documents/emails,
6. A current list of all individuals who have access to the data, along with copies of their notarized Affidavits of Nondisclosure, and
7. A copy of the most recent IES policy on submitting research publications to IES for a disclosure review.

The PPO must ensure that all project staff both read and understand all of this material. All individuals who have access to the subject data must be fully aware of all required security procedures.

Submitting Research Publications

Licensees are required to round all unweighted sample size numbers to the nearest ten (nearest 50 for ECLS-B) in all information products (i.e.: proposals, presentations, papers or other documents that are based on or use restricted-use data). Licensees are required to provide a draft copy of each information product that is based on or uses restricted-use data to the IES Data Security Office for a disclosure review. The Licensee must not release the information product to any person not authorized to access the data until formally notified by IES that no potential disclosures were found. This review process usually takes 5-10 business days.

All submissions for disclosure review should be send to IES_DRR@ed.gov with the Disclosure Risk Review Template as an attachment. The subject of the email and the Disclosure Risk Review Template shall be named DRR_LicenseNumber_Institution_AuthorName_YYMMDD.doc (e.g., DRR_123546_HortonU_Seuss_220204.doc). Upon final approval for release, the PPO shall also forward a final digital copy of each information product in its entirety that is based on or uses restricted-use data to the IES Data Security Office to the IES_DRR@ed.gov mailbox.

Response to Outside Requests for Subject Data

The Licensee agrees to notify the IES Data Security Office (IESData.Security@ed.gov) immediately when it receives any legal, investigatory, or other demand for disclosure of subject data, including any request or requirement to provide subject data to any State agency or State contractor under conditions that are inconsistent with any requirement of this License. Time is of the essence in notifying IES of any such request or requirement. The Licensee must also immediately inform the requestor or enforcer of the request that the subject data are protected under the Federal laws of the United States, as specified in the License. The Licensee authorizes IES to revoke the License and, pending the outcome of the penalty procedures under Section VI of the License, to take possession of or secure the subject data, or take any other action necessary to protect the absolute confidentiality of the subject data.

Amending your License

You are required to submit amendments in order to keep IES informed of any modifications in project staff or security procedures throughout the License and data loan period. For example, adding new users to the License or changing the location of the secure project office must be approved by IES via the amendment process. You will also be required to submit a Close-out License request when your License expires or you are finished using the data in order to officially terminate your contract.

All License amendments must be processed through the Electronic Application System. To log onto the Electronic Application System to amend your License,please follow the link below: system login page and use your License number and the PPO’s email address to generate an email with a link to your License. If you have any problems logging into the system, please contact IESData.Security@ed.gov.

NOTE: The system can only process one amendment type at a time, and any pending amendment has to be approved by IES before another amendment can be submitted.

For more information on amending your License, see License Amendments.

Closing your License

If your project is complete, your License is set to expire, or you are leaving the employment of your institution, you will need to close-out your License. You will need to submit a Close-out request online and mail all restricted-use data and all copies of restricted-use data, using a tracking number on your shipment (FedEx or certified U.S. mail), to:

Use the Electronic Application System to submit your Close-out request. To log onto the Electronic Application System, please click the following link: system login page and log in using the PPO’s email address. If you have any problems logging into the system, please contact IESData.Security@ed.gov.

Additionally, you will need to fill out and sign the Close-out Certification Form and include it with your shipment. Once we receive the data and your Close-out Certification Form, you will receive a "close-out approval" email for your records.

Lastly, you will be responsible for purging all copies or sub-sets of the subject data from any computer system used in your research project.

After you have closed your License, please remember that:

1. Any reports or other pre-publication documents that use or contain IES restricted-use data need to be reviewed by the IES Data Security Office prior to their dissemination outside the Licensed research project staff.
2. IES retains the right to conduct a close-out inspection of your License site to ensure that proper close-out procedures were followed.