Student-Level Data Request Form

Oregon Department of Education

This form is the first step in requesting a data-sharing agreement with the Oregon Department of Education (ODE) for secure K-12 data (data containing personally identifiable information, or PII). Secure data includes student-level data as well as aggregated student data that has not been suppressed.

If your request does not require secure data, please review our published reports to see if any of the data there will meet your needs. You can also submit a request for any non-secure data via the public records request process.

All Primary Data Users are required to complete PTAC 201 Training as a condition of eligibility to request access to PII. Please be prepared to upload a PTAC 201 certificate of completion at the end of the application.

This form is long, and includes branching logic depending on the nature of your request. Please ensure you have sufficient time to complete it before starting, or draft your responses in advance.

If you have any questions, please contact ode.dgc@ode.oregon.gov.

Request Title

Provide a short description of the title of your study or project.

Request Type

Requests processed as a letter of support will not result in any data transfers. If approved, ODE will provide a letter of support to be shared with funding or governing bodies. Researchers will need to notify the Data Governance Committee when their project is ready to proceed to begin the transfer process. Approved requests for letters of support will be stored to expedite the subsequent request for data.

I am requesting data

I am requesting a letter of support

Contact Information

Please provide this information for a primary point of contact for this data request.

Requestor Name

Job Title/Position

Organization/Employer

Provide the name of the organization to receive the data. If you are working in partnership with an educational entity or FERPA-permitted entity, that information will be provided later in the form.

Phone Number

Phone

Physical Mailing Address

ODE Contact Email (optional)

If there are any ODE staff working with you on this request who should be copied on any communications, please provide their email addresses here.

FERPA

Generally, the Family Educational Rights and Privacy Act (FERPA) requires written consent from parents or “eligible students” (students who are at least 18 years of age or attending a postsecondary institution) in order to release PII from education records. In the absence of written consent, student-level data may not be disclosed unless the request falls under one of two categories:

The Studies Exception

The studies exception allows for the disclosure without consent of personally identifiable information (PII) from education records to organizations conducting studies “for, or on behalf of,” educational agencies or institutions. These studies can only be for the purpose of developing, validating, or administering predictive tests; administering student aid programs; or improving instruction.

The Audit or Evaluation Exception

The audit or evaluation exception allows for the disclosure of PII without consent to authorized representatives of FERPA-permitted entities (i.e., Comptroller General of U.S., U.S. Attorney General, U.S. Secretary of Education, or state and local educational authorities). PII must be used to audit or evaluate a Federal-or state-supported education program, or to enforce or comply with Federal legal requirements that relate to those education programs (audit, evaluation, or enforcement or compliance activity).

Which of the following exceptions does this request fall under?

The Studies Exception

The Audit or Evaluation Exception

I have consent from the families/individuals involved

None of the above (please explain)

Data Collection, Analysis, and Reporting

Overview of data being requested

Specify the inclusion rules of the data being requested (for which school years and which students are you requesting data?)

For example, "All high school students enrolled during school years 2018-19 and 2019-20" or "All English Learners first identified in 2021-22."

Please specify each requested data element and the purpose for each element.

If necessary, please attach a full list of data elements as a supplementary document (attachments may be uploaded at the end of the form). The ODE Data Governance Committee will work with proposers to further define and finalize data.

For an overview of ODE data collections, please see the collection catalog. Descriptions of fields can be found in the collection file formats (note that some values, such as cohort graduation, are calculated by ODE and not directly collected, and so will not appear in the file formats). It is not necessary to identify the specific field names of interest - a clear description of the element you are interested in will help us work with you to identify the best option to meet your needs.

I understand that data requested under this proposal, if granted, may only be used for approved projects under this proposal. Any additional uses must be approved by ODE through an amendment to this proposal.

I agree that data requested under this proposal will not be used for any projects other than those described in this proposal without agreement from ODE.

Yes

Please describe how data will be analyzed.

Please describe how analysis will be reported and to whom.

Include any planned end products (publications, presentations, reports, etc.) of the project.

Also include the disclosure avoidance methods you will take to suppress data to protect student confidentiality (e.g. minimum n size, top/bottom coding thresholds, blurring/perturbation, etc.).

I understand that any reports or publications generated as part of this project must be provided to ODE prior to finalization. ODE will advise the requestor on any revisions needed to protect confidential information.

Yes, I understand and agree to share any reports or publications with ODE prior to finalization

No, I am not able to share any reports or publications generated from this report prior to their release

No reports or publications are anticipated to result from this project

Please enter the projected length of the project (in months/years) or expected project completion date.

Please indicate if there is an externally-imposed deadline for completion of this work, or other key dates related to this request.

I understand that, if approved, all confidential information provided by ODE must be destroyed at the conclusion of this project.

Yes, I agree to destroy all confidential information provided by ODE at the conclusion of this project

No, I am not able to guarantee destruction of data upon project completion

File Upload

All Primary Data Users are required to complete PTAC 201 Training as a condition of eligibility to request access to PII. Please upload a PTAC 201 certificate of completion here.

If your application is based on having consent from all participants (or their parents, in the case of minors), please upload a copy of the form used here as well.

Please include any supplementary materials that may help to evaluate your request. Do not include confidential student information here. If you need to transmit confidential information, please check the box below to request a secure file transfer link, and one will be sent to you after your application is received.

Drop your files here

I need to transfer secure files to ODE

Check here if your request requires ODE to receive from you confidential/personally identifiable student information. We will send you a link to submit secure data after your application is received.

I need to transfer secure files to ODE

Data Security

ODE requires that adequate protections are implemented to limit the risk of unauthorized disclosure of sensitive information. Review and respond to the following criteria to describe how the data will be kept secure by your organization.

Access Control

Please address the following questions:

Does your organization have an Access Control Policy?
If yes, please describe, or attach a copy.
If not, how will access to the data be managed to prevent an unauthorized user from accessing it?
How does your organization manage administrative privileges for users?
Where do you intend to store the data? (Ex. Secure server, workstation, etc.)
What physical security controls are in place to prevent unauthorized access to the system used to store data?
Explain the steps you will take to remove our data from your systems after it is no longer required for your project.

Data Loss Prevention

Describe the steps you have taken to prevent the unauthorized sharing of data outside of your organization.

Endpoint Security

Please address the following questions:

Which antivirus software is installed on all devices that will be used to access the data?
Are host firewalls enabled on your systems, and if so, how does your organization ensure secure configuration? (Ex. Windows Defender Firewall managed with Group Policies.)
What steps will be taken to ensure that the data is encrypted at rest?
Please describe the technology controls used to secure your systems against unauthorized access. (Ex. Active Directory login with complex passwords, biometrics, MFA, etc.).
Are security patches distributed to your systems on a regularly scheduled basis?

Network Security

Please address the following questions:

Are your systems protected by a network firewall?
What steps will be taken to ensure that the data is encrypted during transit?
Will your device be connected to a trusted and secure network?
If you perform remote work, is your device configured to use a Remote Access VPN to access resources on your organization’s network?
Will the data be included in any backup tasks? Note: ODE does not permit the requester to duplicate the data we provide.

Other Authorized Users

Please list names and titles of all individuals who will be accessing and using the data in raw or unsuppressed form. Individuals not listed may not access secure ODE data. Enter "N/A" if the primary contact is the only authorized user.

I attest that all information in this form is true, accurate, and complete to the best of my knowledge.

Please type your name below to sign.

Send me a copy of my responses

Report Abuse