Skip Navigation
Statistical Standards Program


Chapter Contents

Restricted-Use Data

The Institute of Education Sciences (IES) collects survey and research data containing individually identifiable information, which is confidential and protected by federal law.

IES uses the term "restricted-use data" for such information. The terms "restricted-use data" and "subject data" are synonymous. (See Appendix A, Definition of Terms.)


Public-Use Data

IES uses the term "public-use data" for survey data when the individually identifiable information has been coded or deleted to protect the confidentiality of survey respondents. Access to public-use data does not require a license, for these data are available to the general public. For more information on public-use data, see NCES online catalog at


Overview of Laws

The relevant laws about survey data that contain individually identifiable information are found in the following statutes. More information on these laws is in Chapter 1:

  • The Privacy Act of 1974 and the Computer Security Act of 1987 provide for the security and privacy of personal data maintained by the federal government. These laws pertain to all restricted-use data. Unlawful disclosure is a misdemeanor and is subject to a fine up to $5,000.
  • The Foundations for Evidence-Based Policymaking , Act of 2018 Title III, Part B, Confidential Information Protection mandates the protection of individually identifiable information that is collected by any federal agency for statistical purposes Unauthorized disclosure of these data is a class E felony punishable by up to five years in prison, and/or a fine up to $250,000.
  • The USA Patriot Act of 2001 amended the National Education Statistics Act of 1994 (NESA 1994) by permitting the Attorney General to petition a judge for an ex parte order requiring the Secretary of the Department of Education to provide NCES data that are identified as relevant to an authorized investigation or prosecution of an offense concerning national or international terrorism to the Attorney General.
  • The Education Sciences Reform Act of 2002 (ESRA 2002) incorporated the confidentiality provisions from NESA , as amended, while expanding the coverage from NCES to IES. ESRA requires IES to collect, analyze, and disseminate education data and to protect the confidentiality of individually identifiable information. An unauthorized disclosure is a class E felony, punishable by up to five years in prison, and/or a fine up to $250,000.


Licensing Procedures

IES will lend restricted-use data only to qualified organizations in the United States, using a strict licensing process described in Chapter 2. Individual researchers must apply through an organization (e.g., a university or a research institution). To qualify, an organization must submit:


Security Procedures

Restricted-use data must be kept secure at all times. "Secure" means that the data are protected from unauthorized access or disclosure in accordance with the terms of the License and the specified security procedures outlined in the Security Plan Form. The security procedures described in Chapter 3 include the computer security requirements for the standalone, desktop computer configuration.


On-Site Inspections

Under the terms of the License, IES has the right to conduct unannounced, unscheduled inspections of the data user's site to assess compliance with the terms of the License and the required security procedures. The inspection procedures are described in Chapter 4.