Appendix A: Definition of Terms
A | D | I | L | M | P | R | S
The following are definitions of terms associated with the access to restricted-use
information and that are used within this manual.
- Access
-
The legal term for the right accorded to a licensee to see and utilize
the individually identifiable information in a database.
- Affidavit of Nondisclosure
- A one-page form that is completed by any person who may have access
to individually identifiable information. This form contains: (1) the
name of the database(s) to be accessed, (2) the wording of an oath not
to disclose such information to persons not similarly sworn, (3) a description
of the penalties for such disclosure, and (4) the imprint of a notary
public.
- Application
- A document that is completed by a person who is requesting access
to individually identifiable information. It specifies the uses to which
the data will be put and the agreement to abide by all security requirements
imposed by IES.
Top
- Disclosure
- The availability or release of a record to anyone other than the subject
individual unless duly authorized by license document and Affidavit.
Top
- Individually Identifiable Information
- Refers specifically to data from any list, record, reponse form, completed
survey, or aggregation about an individual(s) from which information
about particular individuals or their schools/education institutions
may be revealed by either direct or indirect means.
Top
- License
- This is a general term that applies to a document that is utilized
by IES to authorize access to a database, or a subset of a database,
containing individually identifiable information. The "license"
specifies the obligations imposed on the licensee and the procedures
that must be followed in the maintenance of that database. There are
three different instruments utilized as licenses: (1) License, (2) Memorandum
of Understanding, and (3) IES Contract.
Top
- Maintain
- To collect, store, use or have available for dissemination when used
in connection with the term "record"; and, to have control
over or responsibility for a system of records when used in connection
with the term "System of Records."
Top
- Personal/Individual Identifier
- An identifying element associated with an individual, including the
individual's name, or social security number, any identifying particular
assigned to the individual (fingerprint, voiceprint, photograph), or
any other identifying number, symbol, unique retriever, or coding device
which is assigned to or directly correlates with the individual.
- Principal Project Officer (PPO)
- The PPO is the researcher in charge of the day-to-day operations involving
the use of the subject data and is responsible for the liaison with
IES. The licensee shall disclose subject data to the PPO on the same
basis as those data are disclosed to professional/technical and support
staff.
- Professional/Technical Staff (P/TS)
- The P/TS conduct the research, or conduct any analysis, for which
the license is issued. Only seven (7) P/TS may have password access
to subject data unless IES provides written authorization for a larger
number of P/TS.
- Public Use
- This describes any data that are disseminated through IES, and are
publicly available without restriction. These are survey data that have
been coded, aggregated, or otherwise altered to mask individually identifiable
information and thus are available to all external users.
Top
- Restricted-Use
- This is a descriptor of any data set that contains individually identifiable
information that is confidential and protected by law. Special procedures
are taken to protect this information, and it can be issued only to
licensees on loan.
- Routine Use
- The description in the Privacy Act of 1974 of the permissible uses
of individually identifiable information in a system of records. Except
for the use of data for statistical purposes, these routine uses are
not permitted for IES databases.
Top
- Senior Official (SO)
- The SO is the individual who has the authority to bind the organization
to the license. The SO is responsible for signing the license, and with
his/her signature certifies that: (1) the organization has the authority
to undertake the commitments in the license, (2) he/she has the authority
to bind the organization to the provisions of the license, and (3) the
Principal Project Officer (PPO) is the researcher who has the authority
to manage the day-to-day operations of the licensee.
- Subject Data
- These are all data containing individually identifiable information
collected by, or on behalf of, IES that are provided to the licensee
and are protected under the terms presented in the executed license.
This includes all data/information derived from these data.
- Support Staff
- In addition to the P/T staff already mentioned, support staff would
include any secretaries, typists, computer technicians, and messengers
who potentially may have access to the subject data. The licensee may
disclose subject data to support staff who come in contact with the
subject data in the course of their duties only to the extent necessary
to conduct the research under the license.
- System of Records
- Any group of records under the control of a federal agency or its
contractors from which information may be retrieved by the name of the
individual, or by some identifying number, symbol, or other personal
identifier. The maintenance of a System of Records is published by a
notice in the Federal Register. Single records or groups of records
which are not retrieved by a personal identifier are not part of a system
of records. Papers maintained by individual employees of IES which are
prepared, maintained, or discarded at the discretion of the employee
and which are not subject the Federal Records Act (44 U.S.C. 2901) are
not part of a system of records, provided that such personal papers
are not permitted to be accessed or reviewed by persons not sworn to
confidentiality.
- System Security Officer
- The SSO is the person responsible for maintaining the day-to-day security
of the licensed data. The SSO's assigned duties shall include the implementation,
maintenance, and periodic update of the security plan to protect the
data in strict compliance with statutory and regulatory requirements.
Top