Student-Level Data Request Form

Oregon Department of Education


This form is the first step in requesting a data-sharing agreement with the Oregon Department of Education (ODE) for secure K-12 data (data containing personally identifiable information, or PII). Secure data includes student-level data as well as aggregated student data that has not been suppressed.


If your request does not require secure data, please review our published reports to see if any of the data there will meet your needs. You can also submit a request for any non-secure data via the public records request process.


All Primary Data Users are required to complete PTAC 201 Training as a condition of eligibility to request access to PII. Please be prepared to upload a PTAC 201 certificate of completion at the end of the application. [This requirement has been temporarily suspended as a result of technical issues with the training site. If you have already completed the training, please attach your certificate; if not, please continue submitting this form and plan to complete the PTAC 201 training when it becomes available.]


This form is long, and includes branching logic depending on the nature of your request. Please ensure you have sufficient time to complete it before starting, or draft your responses in advance.


If you have any questions, please contact ode.dgc@ode.oregon.gov.

Provide a short description of the title of your study or project.

Request Type*

Requests processed as a letter of support will not result in any data transfers. If approved, ODE will provide a letter of support to be shared with funding or governing bodies. Researchers will need to notify the Data Governance Committee when their project is ready to proceed to begin the transfer process. Approved requests for letters of support will be stored to expedite the subsequent request for data.

Contact Information

Please provide this information for a primary point of contact for this data request.

Provide the name of the organization to receive the data. If you are working in partnership with an educational entity or FERPA-permitted entity, that information will be provided later in the form.

Phone

If there are any ODE staff working with you on this request who should be copied on any communications, please provide their email addresses here.

FERPA

Generally, the Family Educational Rights and Privacy Act (FERPA) requires written consent from parents or “eligible students” (students who are at least 18 years of age or attending a postsecondary institution) in order to release PII from education records. In the absence of written consent, student-level data may not be disclosed unless the request falls under one of two categories:


The Studies Exception

The studies exception allows for the disclosure without consent of personally identifiable information (PII) from education records to organizations conducting studies “for, or on behalf of,” educational agencies or institutions. These studies can only be for the purpose of developing, validating, or administering predictive tests; administering student aid programs; or improving instruction.


The Audit or Evaluation Exception

The audit or evaluation exception allows for the disclosure of PII without consent to authorized representatives of FERPA-permitted entities (i.e., Comptroller General of U.S., U.S. Attorney General, U.S. Secretary of Education, or state and local educational authorities). PII must be used to audit or evaluate a Federal-or state-supported education program, or to enforce or comply with Federal legal requirements that relate to those education programs (audit, evaluation, or enforcement or compliance activity).

Which of the following exceptions does this request fall under?*

FERPA has specific rules regarding the content of consent forms. Please be prepared to upload a copy of your FERPA-compliant consent form at the end of this application.

The Studies Exception

The studies exception allows for the disclosure without consent of personally identifiable information (PII) from education records to organizations conducting studies “for, or on behalf of,” educational agencies or institutions.


Eligible institutions include state education agencies, universities, school districts, and similar institutions.


Non-educational government agencies, research groups (even those that specialize in education), for-profit companies (including LLCs and companies owned by universities), independent researchers (including doctoral students), and other entities are not eligible to apply for student-level data unless the request is sponsored by an eligible institution for an allowable purpose.

Study Sponsor Type*

The Audit or Evaluation Exception

The receiving entity must be a State or local educational authority or other FERPA-permitted entity or must be an authorized representative of a State or local educational authority or other FERPA-permitted entity. FERPA-permitted entities include the Comptroller General of U.S., U.S. Attorney General, U.S. Secretary of Education, or state and local educational authorities.

FERPA-permitted Entity*

Please describe the reason for the request and specify how it falls under the Audit or Evaluation Exception. Note: The description must include how the PII from education records will be used.


If you answered "Neither of these" to the FERPA-permitted Entity item above, please explain here as well.

Study Overview

Please offer an overview of the proposed study here. Details of the data elements requested will be collected in the next section.

Please provide a brief overview of your proposed project.

Data Collection, Analysis, and Reporting

Specify the inclusion rules of the data being requested (for which school years and which students are you requesting data?)


For example, "All high school students enrolled during school years 2018-19 and 2019-20" or "All English Learners first identified in 2021-22."

If necessary, please attach a full list of data elements as a supplementary document (attachments may be uploaded at the end of the form). The ODE Data Governance Committee will work with proposers to further define and finalize data.


For an overview of ODE data collections, please see the collection catalog. Descriptions of fields can be found in the collection file formats (note that some values, such as cohort graduation, are calculated by ODE and not directly collected, and so will not appear in the file formats). It is not necessary to identify the specific field names of interest - a clear description of the element you are interested in will help us work with you to identify the best option to meet your needs.

Please provide the estimated total number of individuals (students/teachers/schools, depending on your level of analysis) to be included in the request. If approved, this number will be used to determine insurance requirements for the data-sharing agreement.


ODE's enrollment reports may be helpful to you in making this determination. Estimates that are substantially lower than the actual number of records that are ultimately retrieved may necessitate revising the data-sharing agreement to reflect additional insurance requirements.

I understand that data requested under this proposal, if granted, may only be used for approved projects under this proposal. Any additional uses must be approved by ODE through an amendment to this proposal.*

I agree that data requested under this proposal will not be used for any projects other than those described in this proposal without agreement from ODE.

Include any planned end products (publications, presentations, reports, etc.) of the project.

I understand that any reports or publications generated as part of this project must be provided to ODE prior to finalization. ODE will advise the requestor on any revisions needed to protect confidential information.*
I understand that, in cases where specific districts or schools within a district are publicized in the research results, the proposed publication or document must also be sent to the affected districts and schools.*

Please indicate if there is an externally-imposed deadline for completion of this work, or other key dates related to this request.

I understand that, if approved, all confidential information provided by ODE must be destroyed at the conclusion of this project.*

Please specify the desired medium of release from ODE. ODE typically sends secure data in spreadsheets, using our secure file transfer system, but will try to accommodate requests to use other formats and secure transfer mechanisms when necessary.


Leave blank if ODE's typical method will be acceptable.

All Primary Data Users are required to complete PTAC 201 Training as a condition of eligibility to request access to PII. Please upload a PTAC 201 certificate of completion here.


[This requirement has been temporarily suspended as a result of technical issues with the training site. If you have already completed the training, please attach your certificate; if not, please continue submitting this form and plan to complete the PTAC 201 training when it becomes available.]


If your application is based on having consent from all participants (or their parents, in the case of minors), please upload a copy of the form used here as well.


Please include any supplementary materials that may help to evaluate your request. Do not include confidential student information here. If you need to transmit confidential information, please check the box below to request a secure file transfer link, and one will be sent to you after your application is received.

Drag and drop files here or

Check here if your request requires ODE to receive from you confidential/personally identifiable student information. We will send you a link to submit secure data after your application is received.

Data Security

ODE requires that adequate protections are implemented to limit the risk of unauthorized disclosure of sensitive information. Review and respond to the following criteria to describe how the data will be kept secure by your organization.

Please address the following questions:

  • Does your organization have an Access Control Policy?
  • If not, how will access to the data be managed to prevent an unauthorized user from accessing it?
  • How does your organization manage administrative privileges for users?
  • Where do you intend to store the data? (Ex. Secure server, workstation, etc.)
  • What physical security controls are in place to prevent unauthorized access to the system used to store data?
  • Explain the steps you will take to remove our data from your systems after it is no longer required for your project.


Describe the steps you have taken to prevent the unauthorized sharing of data outside of your organization.

Please address the following questions:

  • Which antivirus software is installed on all devices that will be used to access the data?
  • Are host firewalls enabled on your systems, and if so, how does your organization ensure secure configuration? (Ex. Windows Defender Firewall managed with Group Policies.)
  • What steps will be taken to ensure that the data is encrypted at rest?
  • Please describe the technology controls used to secure your systems against unauthorized access. (Ex. Active Directory login with complex passwords, biometrics, MFA, etc.).
  • Are security patches distributed to your systems on a regularly scheduled basis?

Please address the following questions:

  • Are your systems protected by a network firewall?
  • What steps will be taken to ensure that the data is encrypted during transit?
  • Will your device be connected to a trusted and secure network?
  • If you perform remote work, is your device configured to use a Remote Access VPN to access resources on your organization’s network?
  • Will the data be included in any backup tasks? Note: ODE does not permit the requester to duplicate the data we provide.

Please list names and titles of all individuals who will be accessing and using the data in raw or unsuppressed form. Individuals not listed may not access secure ODE data. Enter "N/A" if the primary contact is the only authorized user.

Please type your name below to sign.

Powered by Smartsheet Modern Logo On Light
Privacy Notice|Report Abuse