Student-Level Data Request Form

Oregon Department of Education


This form is the first step in requesting a data-sharing agreement with the Oregon Department of Education (ODE) for secure K-12 data (data containing personally identifiable information, or PII). Secure data includes student-level data as well as aggregated student data that has not been suppressed.


If your request does not require secure data, please review our published reports to see if any of the data there will meet your needs. You can also submit a request for any non-secure data via the public records request process.


All Primary Data Users are required to complete PTAC 201 Training as a condition of eligibility to request access to PII. Please be prepared to upload a PTAC 201 certificate of completion at the end of the application.


This form is long, and includes branching logic depending on the nature of your request. Please ensure you have sufficient time to complete it before starting, or draft your responses in advance.


If you have any questions, please contact ode.dgc@ode.oregon.gov.

 

Provide a short description of the title of your study or project.

 

Requests processed as a letter of support will not result in any data transfers. If approved, ODE will provide a letter of support to be shared with funding or governing bodies. Researchers will need to notify the Data Governance Committee when their project is ready to proceed to begin the transfer process. Approved requests for letters of support will be stored to expedite the subsequent request for data.

 

Contact Information

Please provide this information for a primary point of contact for this data request.

 
 
 

Provide the name of the organization to receive the data. If you are working in partnership with an educational entity or FERPA-permitted entity, that information will be provided later in the form.

 
 
Phone
 
 
 

If there are any ODE staff working with you on this request who should be copied on any communications, please provide their email addresses here.

 

FERPA

Generally, the Family Educational Rights and Privacy Act (FERPA) requires written consent from parents or “eligible students” (students who are at least 18 years of age or attending a postsecondary institution) in order to release PII from education records. In the absence of written consent, student-level data may not be disclosed unless the request falls under one of two categories:


The Studies Exception

The studies exception allows for the disclosure without consent of personally identifiable information (PII) from education records to organizations conducting studies “for, or on behalf of,” educational agencies or institutions. These studies can only be for the purpose of developing, validating, or administering predictive tests; administering student aid programs; or improving instruction.


The Audit or Evaluation Exception

The audit or evaluation exception allows for the disclosure of PII without consent to authorized representatives of FERPA-permitted entities (i.e., Comptroller General of U.S., U.S. Attorney General, U.S. Secretary of Education, or state and local educational authorities). PII must be used to audit or evaluate a Federal-or state-supported education program, or to enforce or comply with Federal legal requirements that relate to those education programs (audit, evaluation, or enforcement or compliance activity).

 
 

Data Collection, Analysis, and Reporting

 

Specify the inclusion rules of the data being requested (for which school years and which students are you requesting data?)


For example, "All high school students enrolled during school years 2018-19 and 2019-20" or "All English Learners first identified in 2021-22."

 
 

If necessary, please attach a full list of data elements as a supplementary document (attachments may be uploaded at the end of the form). The ODE Data Governance Committee will work with proposers to further define and finalize data.


For an overview of ODE data collections, please see the collection catalog. Descriptions of fields can be found in the collection file formats (note that some values, such as cohort graduation, are calculated by ODE and not directly collected, and so will not appear in the file formats). It is not necessary to identify the specific field names of interest - a clear description of the element you are interested in will help us work with you to identify the best option to meet your needs.

 
 

I agree that data requested under this proposal will not be used for any projects other than those described in this proposal without agreement from ODE.

 
 
 

Include any planned end products (publications, presentations, reports, etc.) of the project.


Also include the disclosure avoidance methods you will take to suppress data to protect student confidentiality (e.g. minimum n size, top/bottom coding thresholds, blurring/perturbation, etc.).

 
 
 

Please indicate if there is an externally-imposed deadline for completion of this work, or other key dates related to this request.

 
 

All Primary Data Users are required to complete PTAC 201 Training as a condition of eligibility to request access to PII. Please upload a PTAC 201 certificate of completion here.


If your application is based on having consent from all participants (or their parents, in the case of minors), please upload a copy of the form used here as well.


Please include any supplementary materials that may help to evaluate your request. Do not include confidential student information here. If you need to transmit confidential information, please check the box below to request a secure file transfer link, and one will be sent to you after your application is received.

Drop your files here
 

Check here if your request requires ODE to receive from you confidential/personally identifiable student information. We will send you a link to submit secure data after your application is received.

 

Data Security

ODE requires that adequate protections are implemented to limit the risk of unauthorized disclosure of sensitive information. Review and respond to the following criteria to describe how the data will be kept secure by your organization.

 

Please address the following questions:

  • Does your organization have an Access Control Policy?
  • If yes, please describe, or attach a copy.
  • If not, how will access to the data be managed to prevent an unauthorized user from accessing it?
  • How does your organization manage administrative privileges for users?
  • Where do you intend to store the data? (Ex. Secure server, workstation, etc.)
  • What physical security controls are in place to prevent unauthorized access to the system used to store data?
  • Explain the steps you will take to remove our data from your systems after it is no longer required for your project.
 
 

Describe the steps you have taken to prevent the unauthorized sharing of data outside of your organization.

 
 

Please address the following questions:

  • Which antivirus software is installed on all devices that will be used to access the data?
  • Are host firewalls enabled on your systems, and if so, how does your organization ensure secure configuration? (Ex. Windows Defender Firewall managed with Group Policies.)
  • What steps will be taken to ensure that the data is encrypted at rest?
  • Please describe the technology controls used to secure your systems against unauthorized access. (Ex. Active Directory login with complex passwords, biometrics, MFA, etc.).
  • Are security patches distributed to your systems on a regularly scheduled basis?
 
 

Please address the following questions:

  • Are your systems protected by a network firewall?
  • What steps will be taken to ensure that the data is encrypted during transit?
  • Will your device be connected to a trusted and secure network?
  • If you perform remote work, is your device configured to use a Remote Access VPN to access resources on your organization’s network?
  • Will the data be included in any backup tasks? Note: ODE does not permit the requester to duplicate the data we provide.
 
 

Please list names and titles of all individuals who will be accessing and using the data in raw or unsuppressed form. Individuals not listed may not access secure ODE data. Enter "N/A" if the primary contact is the only authorized user.

 
 

Please type your name below to sign.