Skip Navigation
Statistical Standards Program

Appendix A: Definition of Terms

A | D | I | L | M | P | R | S

The following are definitions of terms associated with access to restricted-use data and that are used within this manual.

The legal term for the right accorded to a licensee to see and utilize the individually identifiable information in a database.

Affidavit of Nondisclosure
A one-page form that is completed by any person who may have access to individually identifiable information. This form contains: (1) the name of the database(s) to be accessed, (2) the wording of an oath not to disclose such information to persons not similarly sworn, (3) a description of the penalties for such disclosure, and (4) the imprint of a notary public.

A document that is completed by a person who is requesting access to individually identifiable information. It specifies the uses to which the data will be put and the agreement to abide by all security requirements imposed by the IES Data Security Office.


The availability or release of a record to anyone other than the subject individual unless duly authorized by License document and Affidavit.


Individually Identifiable Information
Refers specifically to data from any list, record, reponse form, completed survey, or aggregation about an individual(s) from which information about particular individuals or their schools/education institutions may be revealed by either direct or indirect means.


This is a general term that applies to a document that is utilized by the Agency to authorize access to a database, or a subset of a database, containing individually identifiable information. The "License" specifies the obligations imposed on the licensee and the procedures that must be followed in the maintenance of that database. There are three different instruments utilized as Licenses: (1) License, (2) Memorandum of Understanding, and (3) Agency Contract.


To collect, store, use or have available for dissemination when used in connection with the term "record"; and, to have control over or responsibility for a system of records when used in connection with the term "System of Records."


Personal/Individual Identifier
An identifying element associated with an individual, including the individual's name, or Social Security number, any identifying particular assigned to the individual (fingerprint, voiceprint, photograph), or any other identifying number, symbol, unique retriever, or coding device which is assigned to or directly correlates with the individual.

Principal Project Officer (PPO)
The PPO is the researcher in charge of the day-to-day operations involving the use of the subject data and is responsible for liaising with the IES Data Security Office.

Professional/Technical Staff (P/TS)
The P/TS conduct the research, or conduct any analysis, for which the License is issued. Only seven (7) P/TS per License may have password access to subject data unless the IES Data Security Office provides written authorization for a larger number of P/TS. P/TS also includes any non-security/police personnel that have key access to the designated secure project office.

Public Use
This describes any data that are disseminated through IES and are publicly available without restriction. These are survey data that have been coded, aggregated, or otherwise altered to mask individually identifiable information and thus are available to all external users.


This is a descriptor of any data set that contains individually identifiable information that is confidential and protected by law. Special procedures are taken to protect this information, and it can be issued only to licensees on loan.

Routine Use
The description in the Privacy Act of 1974 of the permissible uses of individually identifiable information in a system of records. Except for the use of data for statistical purposes, these routine uses are not permitted for agency databases.


Senior Official (SO)
The SO is the individual who has the authority to bind the organization to the License. The SO is responsible for signing the License, and with his/her signature certifies that: (1) the organization has the authority to undertake the commitments in the License, (2) he/she has the authority to bind the organization to the provisions of the License, and (3) the Principal Project Officer (PPO) is the researcher who has the authority to manage the day-to-day operations of the License.

Subject Data
These are all data containing individually identifiable information collected by, or on behalf of, the Agency that are provided to the licensee and are protected under the terms presented in the executed License. This includes all data/information derived from these data.

Support Staff
In addition to the P/T staff already mentioned, support staff would include any secretaries, typists, computer technicians, and messengers who potentially may have access to the subject data. The licensee may disclose subject data to support staff who come in contact with the subject data in the course of their duties only to the extent necessary to conduct the research under the License.

System of Records
A system of records is any group of records under the control of a federal agency or its contractors from which information may be retrieved by the name of the individual, or by some identifying number, symbol, or other personal identifier. The maintenance of a system of records is published by a notice in the Federal Register. Single records or groups of records which are not retrieved by a personal identifier are not part of a system of records. Papers maintained by individual employees of the Agency which are prepared, maintained, or discarded at the discretion of the employee and which are not subject the Federal Records Act (44 U.S.C. 2901) are not part of a system of records, provided that such personal papers are not permitted to be accessed or reviewed by persons not sworn to confidentiality.

System Security Officer
The SSO is the person responsible for maintaining the day-to-day security of the licensed data. The SSO's assigned duties shall include the implementation, maintenance, and periodic update of the security plan to protect the data in strict compliance with statutory and regulatory requirements.