FAQs for External Data Requests

Data Request Overview

What is a data request?

The NYCDOE’s Data Request Committee (DRC), situated within the Research and Policy Support Group (RPSG), manages the external data request process, including receiving, reviewing, approving, and fulfilling data requests from external researchers and research organizations. Most external requests submitted to the DRC for administrative data are for research and evaluation purposes. An external data request is typically required in order to access the following data:

  1. Individual-level administrative data on NYCDOE students or staff
  2. Aggregate-level administrative data not available publicly.

What datasets are available to researchers?

Publicly Available Data (does not require a data request)

Before submitting an external data request, we strongly encourage researchers to first explore the aggregate-level data already publicly available on NYC Data webpage or NYC Open Data, including data on:

  • School enrollment and demographics
  • Attendance
  • NYC School Survey results
  • School Quality Reports
  • New York State ELA and Math assessment results
  • Graduation outcomes.

*Note: Due to the COVID-19 pandemic, not all datasets are available for the 2019-20 and 2020-21 school year

Reports prepared for the New York City Council are also available here, and NYCDOE financial data and reports are available here.

Data not Publicly Available (requires a data request)

The following list provides information on data available to researchers and outside organizations. The datasets are produced annually and include individual-level records. Each dataset described below contains a separate file for each school year unless otherwise noted.

Please note that requests for any of the data listed below will require detailed justification from the requestor. If the justification is not satisfactory the program team may reject the request for data. 

  • Student Demographics - dataset contains student-level demographic and enrollment records for students enrolled at any point between October 31st and June 30th.
  • Audited Register * - dataset contains student-level demographic records of all active students as of the Audited Register date (typically October 31st of the school year).
  • Transactions – dataset contains student-transaction level records documenting each time a student is admitted or discharged from a NYC DOE school. 
  • Student Attendance - dataset contains students’ school-level records of the number of days a student has been present and absent for a given month/school year.
  • New York State Graduation Status - dataset contains the student-level records of graduation outcomes.
  • New York State Regents Examinations - dataset contains student-level exam results from the New York State Regents exams, including all administrations: January, June, and August. 
  • New York State Mathematics & English Language Arts (ELA) Exams - dataset contains student-level exam results of the New York State Math & ELA Assessments administered to students in grades 3 through
  • New York State Science Exams - dataset contains student-level exam results of the New York State Science Assessment administered to students in grades 4 & 8.
  • New York State Identification Test for English Language Learners (NYSITELL) - dataset contains student-level exam results from the NYSITELL, administered to students to determine eligibility for English Language Learner (ELL) instructional services.
  • New York State English as a Second Language Achievement Test (NYSESLAT) - dataset contains student-level exam results from the NYSESLAT, administered to students in order to be placed out of ELL status.
  • SAT - dataset contains student-exam level exam results from the SAT, administered by the College Board.
  • PSAT - dataset contains student-exam level exam results from the PSAT, administered by the College Board. 
  • Advanced Placement (AP) Exams - dataset contains student-exam level exam results from the AP, administered by the College Board.
  • Gifted and Talented (G&T) - dataset contains student-level records of students who registered to take the G&T test.
  • The Specialized High School Admissions Test (SHSAT) * - dataset contains student-level exam results of 8th and 9th grades students who took the test and were admitted to New York City’s eight specialized high schools (not including Fiorello H. LaGuardia High School of Music & Art and Performing Arts).
  • Credit Accumulation - dataset contains records of all high school credits earned by students within a school year (this is not course level).
  • High School Grade Point Average (GPA) - dataset contains student-level records including overall GPA as well as GPA by subject.
  • Courses and Grades - dataset contains records of all credit-bearing courses in which students received a final grade.
  • Postsecondary Enrollment - dataset contains student-level records of postsecondary enrollment, including whether a student enrolled in a two- or four-year college, vocational program, or public service within six months of their scheduled graduation date.
  • College Degree Attainment - dataset contains student-level records on the total number and types of college degrees earned by students within six years of their on-time four-year high school graduation date.
  • College Readiness - dataset contains student-level records for students in the 4-year graduation cohort of a school year meeting College Ready standards in English and mathematics.
  • Teacher Pedagogue * - dataset contains staff-level records of educators and school-based staff who work closely with students.
  • Student Linkage to Teachers * - dataset contains student-course level records that match a course's primary teacher to each student enrolled in the course. 
  • The High School Applications Processing System (HSAPS) - dataset contains student-level records of high school applications and placements. 
  • The Middle School Admissions Processing System (MSAPS) * - dataset contains student-level records of middle school applications and placements.
  • Kindergarten Admissions (KAPS) * - dataset contains student-level records of kindergarten applications and placements.
  • Pre-Kindergarten (Pre-K) Enrollment - dataset contains Pre-K site information along with student-level records of students that were enrolled in Pre-K for a school year.
  • Overage/Under-Credited (OA/UC) - dataset contains student-level records of students determined to be overage and under-credited.
  • Fitnessgram - dataset contains student-level physical fitness assessment data. 
  • Zoned District Borough Number (DBN) - dataset contains student-level records of students’ elementary, middle, and high school zone of residence.
  • Location Code Generation and Management System (LCGMS) - dataset contains school-level information on school buildings and locations.

* Requires additional review by specific program teams.

To download the above list of datasets, click here.

Note: Due to the COVID-19 pandemic, not all datasets are available for the 2019-20 and 2020-21 school year

Should a NYCDOE administrator submit a data request for their official duties? 

No, NYCDOE Central administrators seeking data from a NYCDOE source system for their NYCDOE work responsibilities should submit a request to the Office of Data Management using this form (NYCDOE login credential required). The process for requesting individual student records or transcripts is outlined here.

Current and former NYCDOE employees seeking data outside of their NYCDOE work responsibilities should submit a data request (For more information see What if I am NYCDOE employee and a researcher?

What if I am NYCDOE employee and a researcher?

Current and former NYCDOE employees seeking data outside of their NYCDOE work responsibilities (e.g., a teacher conducting research as a part of a doctoral program) should submit a data request.

Note that there are separate regulations regarding the access of individual-level data for current and former employees. Current and former employees that are seeking data on their former students or staff must receive a waiver from the Conflicts of Interest Board (COIB). In order to do this, current and former employees should reach out to the Ethics Officer to clarify if a Conflicts of Interest (COI) waiver is needed prior to submitting a data request. The COI waiver or documentation must be attached at the end of the data request form.

Process Overview

What do I need before I begin a data request?

The following are items you will need before beginning the data request process:

  • Must be affiliated and receive support from a US institution/organization. For more information, see Can I submit a data request without an institutionally backed project?
  • The affiliated Institution must be willing to sign a Non-Disclosure Agreement (NDA) with the NYCDOE. For more information see How do I execute a Non-Disclosure Agreement (NDA)?
  • Secure NYCDOE data
  • Must be able to adhere to the requirements of the Family Educational Rights and Privacy Act (FERPA) and/or meet a FERPA exception if you intend to access individual-level student data. See here for more information on FERPA exception.
  • Institutional Review Board (IRB) review/approval (if applicable) See here for more information on NYCDOE IRB submission.

For more information, see What’s included in the data request Form?

How does the data request process work?

If you are planning to request individual-level student data, you must adhere to the requirements of the Family Educational Rights and Privacy Act (FERPA) and New York Education Law 2-d. To adhere to FERPA requirements, you will need to obtain parental consent for the release of student’s data OR provide evidence that the study meets one of the FERPA exceptions. Individuals requesting student-level data must be sponsored by a U.S.-based institution. For more information regarding the use of the FERPA exception categories, see How do I access identifiable student data.

Data requests are submitted via our IRBManager system. For more information on using the IRBManager, please see How can I submit a data request?

Once the request has been submitted, it will go through the following review and approval process:

  • Receive data request
  • Prescreen data request
  • Data Request Committee review & determination
  • Execute the Non-Disclosure Agreement
  • Process data request
  • Data deleted/destroyed and study closed

For information on the requirements for receiving NYCDOE data via a data request submission, please see What do I need before I begin a data request?

What happens after I submit a data request?

The Data Request Committee (DRC) must review and approve all requests for NYCDOE records before data may be shared with external researchers and organizations. The following section outlines the process once a completed data request form is submitted.

  • Receive data request - the data request form is submitted via IRBManager.
  • Prescreen data request - the submission is reviewed by the Data Request Manager to ensure completeness and accuracy.
    • The submitted data request form will receive a prescreen, generally 2 weeks after submission.
    • Forms deemed incomplete or inconsistent will be returned to you via IRBManager and can be re-submitted for another prescreening round.
  • Data Request Committee (DRC) review & determination - submissions approved during the prescreening stage will be assigned to the Committee for review.
    • Data request forms sent to the committee will be reviewed within 2 weeks after passing the prescreening stage.
      • Forms may be returned to you via IRBManager at this stage if additional modifications or clarification is required before a determination may be made. You may also include a separate document (at the end of the re-submitted data request form) to address any issues identified by the DRC.
      • Please note that this process may be delayed if the researcher does not provide the requested information or justification in a timely manner.
    • For studies that include a district sponsor, the DRC may engage with the sponsor at this stage to better understand the context of the study and the NYCDOE’s engagement. For more information, see What is a District Sponsor.
    • Requests will be approved or rejected at this stage. Rejected submissions will not proceed further in the data request process. If a submission is rejected, it should NOT be resubmitted as a new data request.
  • Execute the Non-Disclosure Agreement (NDA) – once a request is approved, the DRC will send a copy of the NDA to you to initial and then send to your organization’s signatory official: for more information on the NDA see How do I execute a Non-Disclosure Agreement?
    • No data may be transferred by the NYCDOE until the NDA has been fully executed.
    • Note that modifications to the standard NYCDOE NDA will result in a delay in the data request process as all changes must be reviewed and approved by NYCDOE legal counsel.
  • Process data request – after compiling the requested and approved data, the Committee will upload all files to the secure File Transfer Protocol (or other secure transmission methods as detailed in the data request form) and alert you that the data is available.
    • The DRC will process data requests within 4 weeks of receiving the signed NDA. Note that the timeline for this stage may be extended based on the complexity of the request. As an example, requests involving matching student records or data not currently managed by RPSG will inherently take longer to process.
    • Unless an alternative transmission method is indicated on the data request form, the DRC will create a secure File Transfer Protocol account (sFTP) for you and provide them with the necessary login credentials.
    • For studies involving parental or subject consent, consent forms and catalogs should only be transferred to the NYCDOE via the sFTP or a similar transmission method. Signed consent forms should NOT be emailed or included in the data request form, only the consent form template can be included in the data request form.
    • Note that NYCDOE’s Information Technology (IT) Department makes periodic sweeps of the sFTP accounts, so you should download all files within two weeks of transmission.
  • Data deleted/destroyed and Study closed – at the conclusion of the project (i.e., the end term specified in the NDA), you should:
    • Destroy, delete, or transfer all data per the terms set in the NDA.
      • Unless a project continuation is approved and a new NDA is signed prior to the expiration of the original agreement, data must be destroyed, deleted, or transferred.
    • Submit your publication(s) and/or final work product(s), as outlined in the NDA.
    • Complete the study closure short-form.
      • The form will be emailed to you directly at the conclusion of the project.
      • Submit the certificate of data destruction; the certificate may be found at the end of the NDA but can also be re-sent by request.

The Data Request Committee (DRC) will not be able to approve future data requests until these steps are completed.

  • Additionally, you may be invited to give a short presentation to interested policymakers at the NYCDOE. While this is not a requirement of the data request process, we strongly encourage researchers to share their findings in order to improve future policy and programming decision-making for students and schools.

Important: There are several points that can delay the full turn-around time of a data request.

  • Incomplete or inconsistent responses will result in submissions being returned to you for clarification.
  • Requests that do not comply with NYCDOE rules, regulations, or policies will result in submissions being returned for modification.
  • Requested edits to the NDA document can significantly delay the data request process.
  • Studies that involve complex processes (e.g., student matching) or require non-standard data, may also take significantly longer.

What is included in the data request form?

The data request form is located in IRBManager. There are several sections within the form that you must complete prior to final submission. Please note that only completed forms may be submitted to the Data Request Committee (DRC) for review. Below is an outline of the various sections of the form and details on what information is needed to complete and submit a data request form. You and all individuals who will have access to the data being requested should review the following elements prior to starting the data request form. Additionally, please review the help text embedded in the data request form when submitting responses.

Contact Information

The form will ask you to:

  • List all individuals who will have access to the requested data.
    • All individuals who will have access to the requested data must have IRBManager accounts that must be set up prior to starting the data request form.
    • All individuals named on the data request form must be affiliated with an organization that can sign a Non-Disclosure Agreement (NDA) with the NYCDOE. 
  • Provide the organization’s legal name and address as these responses will be used when drafting the NDA. 
  • Provide the name of the sponsoring organization, if you(s) are working on behalf of or were hired by a third-party organization.

Research Information

Description of Study, Hypotheses, and Methodology

You will be asked to identify the purpose of the study, the hypotheses that will be tested, and detail regarding the methodology of the study. Additionally, you will be expected to identify the educational value or benefit to the NYCDOE as a result of the study’s findings. Incomplete responses to these questions will not be accepted and will likely delay the Committee’s review.

Data Details

Description of Data need
  • You will be asked to describe the data you are requesting in detail. Ensure your responses are consistent across questions in the form.
    • Years of data
      • Select the school years for which you are requesting data.
      • You may only select school years through the prior school year.
      • If you need data for future years, you must:
        • Indicate in the form that you intend to request data in the future for this project (this response is non-binding)
        • Submit an amendment or new data request once the data becomes available.
      • Data prior to the 2004-05 school year is available on a limited basis but is generally less reliable than data from later years.
    • Longitudinal studies
      • For longitudinal studies, the form asks if the study will follow grades or cohorts. Studies focused on a specific grade-level over time should select the “grade level” option while studies following a specific cohort of students over time should select the “cohort” option.
        • For example, if a study aims to examine the change in enrollment patterns over time and the study team is interested in looking at successive waves of Grade 9 admissions data, “grade-level” should be selected.
        • Conversely, if a study aims to assess the impact of a specific Grade 5 intervention on students over time and a study team is interested in looking at the same student’s performance later in middle and high school, “cohort” should be selected.
    • Schools
      • You will need to articulate which schools are of interest to the study. If you are requesting citywide data, there is an option to indicate all schools. For requests involving a subset of schools, you must use the template embedded in the data request form. A link to the NYCDOE’s database of schools, Location Code Generation and Management System (LCGMS) is available to allow you to identify school codes (i.e., DBNs) and other school characteristics. 
    • Datasets

      When selecting the dataset, you will need to:

      • Use the drop-down menu to select all datasets you are requesting.
      • Use the "Other" option and specify the data elements needed if a dataset you need is not listed.
        • Note that requesting data not listed in the drop-down menu may substantially increase the approval or processing time of the request, dependent upon data availability.
      • Explain how the data will contribute to the analysis/findings, for each dataset selected.

Note: Forms with insufficient or incomplete explanations will be returned for clarification.

  • You should include all data to be used or accessed for this project, including any data that was obtained via a prior data request or via another source (for example, gathering data from the National student clearinghouse data.). In the subsequent “explanation” questions, you may articulate which data elements, if any, they already have access to via a separate project.
  • You will also be asked if the request requires the transmission of direct identifiers (e.g., name, date of birth, address, contact information, and non-coded ID number). The Data Request Committee (DRC) rarely approves requests involving direct identifiers without parental consent. If the request requires this information, you will be required to provide an explanation. Note that all individuals with access to student direct identifiers are required to undergo a NYCDOE background check, per Office of Personnel Investigation (OPI) regulations. For requests that include direct identifiers as a way of matching NYCDOE records to external records, see How do I submit a data request that involves matching student records?
Data Security, Storage, and Privacy

You must detail the security, storage, and privacy protections employed by your institution to ensure that NYCDOE data is securely protected. Responses provided in this section will be included in the Parents Bill of Rights (PBoR) appendix of the Non-Disclosure Agreement (NDA) to be signed by your institution/organization and the NYCDOE. As a result, it is imperative that the responses in this section are accurate and complete. The following provides additional context for the questions in this section. 

  • The first question in this section asks if the request involves personally identifiable information (PII). The NYCDOE considers all individual-level data to be identifiable, even in instances where direct identifiers are removed. If you are requesting any individual-level data, you are requesting PII.
  • You will be asked to provide a brief project description. This response will be included in the PBoR section of the NDA, so responses must contain a complete description of the project and should not simply refer to other parts of the form, and should be limited to 200 words.
    • Note that data must be destroyed, deleted, or transferred when the Non-Discloser Agreement (NDA) expires. If you plan on renewing the NDA at the completion of the original agreement, then you should select one of the three options in case a renewal agreement is not signed by the end date of the original NDA. Any new NDA will supersede the response provided in this section.
  • Additionally, you are required to provide a narrative description of how data will be destroyed, deleted, or transferred. Incomplete responses will delay the review process. For more information on how data is destroyed, deleted, or transferred, consult your organization’s IT department.
    • You may select the date the data will be destroyed, deleted, or transferred (i.e., the project conclusion); this will serve as the end date of the NDA. NDAs typically cover a two-year period, but the DRC may approve a different agreement duration on a case-by-case basis.
  • A narrative description of the data security plan is required to ensure the protection of student and staff information. This includes but is not limited to: data encryption, security of the transmission process, and provisions to prevent unauthorized access. Again, it is recommended that you consult your organization’s IT department for more information related to the data security plan.
  • Additionally, the form includes a checklist of minimum-security requirements, you must agree to all of the following terms in order to receive approval for the data request:
    • Have a risk management strategy to identify and detect data security incidents.
    • Have data security protocols and procedures in place to protect data assets.
    • Have a security incident monitoring system in place to identify cybersecurity events.
    • Have a data incident response plan in place and a mitigation procedure to ensure an effective response and containment response to any security breach.
    • Have a recovery process in place to ensure restoration of systems or assets affected by a security incident; and
    • Have set access controls such that access is only provided to staff with a need to use the information for the purposes of the study/research.
  • Data must remain encrypted both in motion and at rest. The Data Request Committee (DRC) may not approve any request that does not agree to this provision.

IRB Documentation

While Institutional Review Board (IRB) approval for data requests is not required, you should consult your organization’s IRB to determine if IRB review and approval is warranted. Studies that only include a request for NYCDOE data (e.g., studies that do not also involve primary data collection) do not require NYCDOE IRB approval unless the study was determined to be human subjects' research by an external IRB.

If you received IRB approval, then you should include approval documentation with the data request submission. However, if you do not receive IRB approval, then you will be asked to explain why IRB approval was not sought or received.

Attachments

This section may be left blank but is intended for you to include any additional supporting information or documentation. For example, a letter of support from a NYCDOE office or an existing contract with the NYCDOE. 

How can I submit a data request? 

You must first create an account in the online IRBManager system. For more information, see our How to Use IRBManager overview. All individuals who will have access to the data must also have an account in IRBManager and be named on the data request form.

Can I collect additional data to supplement my requested NYCDOE administrative data?

If you plan to conduct research or evaluation in schools, with NYC public school students, staff, or affiliates, or contact anyone associated with the NYCDOE for research, you must receive approval from the NYCDOE IRB. If you plan to collect additional data through surveys, focus groups, interviews, observations, assessments, or other methods, you will likely need IRB approval. Please review the IRB page for more information on submitting a study to the NYCDOE IRB.

Personally Identifiable Information & FERPA

What is identifiable data?

Individual-level data (student or staff-level data) are often identifiable, even in cases where direct identifiers (e.g., student ID, name, date of birth, and address) are removed. Datasets that do not include direct identifiers may be identifiable if individual identities can be revealed or deduced through a unique pattern of variables in the dataset or when combined with other datasets. Generally, datasets containing groups of five or fewer individuals with a unique pattern of variables are considered personally identifiable information (PII). As a result, all requests for student or staff-level data are considered identifiable and therefore, all student-level data are subject to FERPA protections. We strongly encourage you to use data that is already publicly available. Publicly available data can be found on NYC Open Data and the NYCDOE webpage.

What is FERPA protected data?

The NYCDOE considers all student-level data, even if coded, to be identifiable and therefore subject to FERPA protections: For more information see What is identifiable data? For more information regarding FERPA protected data, see Family Educational Rights and Privacy Act (FERPA). There are two ways to access student-level data:

  • Collect parental consent.
  • Qualify for a FERPA exception.

If you are planning on collecting parental consent for the release of student-level FERPA protected data, you will be asked to upload a template consent form to the data request submission that will be reviewed by the Data Request Committee (DRC). You will not be asked to submit the signed consent forms through the data request submission.

  • If you would like to receive feedback on the draft parent consent before uploading to the data request form, you can email the template to the RPSGresearch@schools.nyc.gov .
    • If you are collecting parental consent, you cannot qualify for any FERPA exception. Email (RPSGresearch@schools.nyc.gov) if you have additional questions.
  • For more information on the process for providing parental consent, see What do I need to include when a project requires consent forms?

If you are planning on employing one of the established FERPA exception categories, you will need to provide additional information in order for the DRC to assess validity. See How do I access identifiable data for more information. Note that an inherent risk to any request involving PII is the loss of privacy to subjects in the event of a data breach. Responses to the potential risk question should acknowledge this in addition to any other risks posed to subjects as a part of the study.

What are FERPA exceptions?

To adhere to FERPA requirements, you will need to obtain parental consent for the release of student’s data OR provide evidence that the study meets one of the FERPA exceptions. For more information regarding the use of the FERPA exception categories, see What is FERPA protected data? and How do I access identifiable data?

How do I access identifiable student data?

All requests involving student Personally Identifiable Information (PII) are considered FERPA protected. Submissions for FERPA protected data require either parental consent for the release of student records or must meet one of the specified FERPA exception categories.

  • The most common FERPA exception category employed by researchers is the “studies” exception, which allows for the disclosure of PII from student education records for studies being conducted for, or on behalf of, the NYCDOE to:
    • Develop, validate, or administer predictive tests.
    • Administer student aid programs; or
    • Improve instruction.

The NYCDOE requires all studies employing FERPA exception to have an associated district sponsor: see What is a District Sponsor? Note that district sponsorship does not guarantee approval of a data request but does help satisfy the FERPA exception requirement.

If you already have a district sponsor, then you may indicate this by including a letter of support in the data request submission and/or provide the contact details of the district sponsor in the data request form; this will be confirmed by the Data Request Committee (DRC) prior to approving any request.

If you do not have a district sponsor, you will have the opportunity to name the NYCDOE office(s) and/or program team(s) whose work most closely aligns with the aims of the study. You may name more than one office or team if applicable. In addition, you must explain how the results of the study may potentially impact future NYCDOE policy or programming decision making (i.e., how the results can be used by the NYCDOE). This response will be shared with relevant offices or program teams to assess whether the study meets the "studies" FERPA exception. Note that you may be required to provide additional information or asked to present the research proposal to relevant offices or program teams in order to secure a district sponsor.

  • Data requests submitted on behalf of an audit or evaluation of a Federally or State supported education program OR designed to enforce or comply with Federal legal requirements related to the program fall under the “evaluation” FERPA exception. In order to demonstrate that a project meets this exception criteria, you must provide supporting documentation, including but not limited to, grant award letters, contracts, and other agreements.
  • Less commonly, requests may fall under either the “directory information” or “school official” FERPA exception categories.
    • In order for data to fall under the “directory information” exception, data must be designated as directory information by a school or the NYCDOE (as the designated LEA). This includes providing public notice to parents with a clearly stated process and timeline for opting out. Schools and/or the NYCDOE must also clearly state the types of PII to be designated as directory information and their intended use. Evidence of this process must be included in all data requests employing the “directory information” exception.
    • In order for data to fall under the “school official” exception, a school or the NYCDOE must establish criteria in the annual notification of FERPA rights about who is a “school official” and what constitutes a “legitimate school interest.” Additionally, non-NYCDOE employees accessing data under the “school official” exception may only do so while performing an institutional service or function under direct control of the school or district.

What is a district sponsor?

While all studies may have an associated district sponsor, projects planning on employing the “studies” FERPA exception must have a district sponsor in order to confirm that the project is being conducted for, or on behalf of the NYCDOE.

How do I access identifiable teacher & staff data?

While staff Personally Identifiable Information (PII) is not FERPA protected, the Data Request Committee (DRC) places a high priority on staff privacy, similar to that of students’ PII. As a result, the same criteria applied to the release of student PII is applied to studies seeking staff PII (see How do I access identifiable student data). Submissions for staff PII require either subject consent for the release of staff records or meeting one of the FERPA exception categories listed in the previous section. Note that requests for staff personnel data may also be subject to review and approval from the NYCDOE Division of Human Capital (DHC). In this case, the Committee will help facilitate DHC’s review process.

Matching individual student records and the consent process

What do I need to include when a project requires parental consent?

Parental consent and adult consent forms need to specify all data and years being requested. Consent forms do not need to list the specific data elements included but should convey to parents the type of data that will be requested: e.g., name, date of birth, test scores, academic transcript, and suspension records. Please see our Data Release Consent Form Template. Additional elements that should be included in parental consent and adult consent forms include:

  • Title of the study and general study information
  • Researchers’ contact information
  • Purpose of study
  • Inclusion criteria of the study
  • Data to be requested (both data types and years)
  • Potential benefits and risks for participation
    • Note that an inherent risk to any request involving individual-level data is the loss of privacy to subjects in the event of a data breach. This should be acknowledged in this section along with any other potential risks and benefits associated with study participation.
  • Compensation (if applicable)
  • Costs associated with study participation (if applicable)
  • Statement of consent with signature line
    • Note that consent to data release must be separate from the consent to program participation. Consent for participating in a study must be collected separately from the consent for data release.
  • Line for student name (printed)
  • Line for student OSIS number
    • Note that student OSIS numbers are not required for the consent form, but the Data Request Committee strongly suggest collecting this for student record matching

Prior to collecting consent, you can prospectively share proposed consent form templates with the Data Request Committee (DRC), prior to submitting the data request form, by sending it to RPSGResearch@schools.nyc.gov. However, the consent form will officially be reviewed by the Committee after the data request form is submitted in IRBManager in order to review it within the full context of the study.

Once you have received approval for the consent forms and data request, you will be asked to provide cataloged consent forms, following the format below:

  • A single document that includes all consent forms merged in PDF format (The DRC will not review individual consent forms).
    • Each individual consent form must be labeled with a number.
  • A spreadsheet that includes: (excel format)
    • Consent form number
      • Student details for matching student records (see How do I submit a request that involves matching)
      • Any additional study/program data collected by the study team (if applicable)
        • For example: Include a research ID field.

Consent forms must be sorted in numerical order, as they appear on the numbered spreadsheet: see our template Consent Form Catalog. Consent form catalogs must be formatted according to the conventions specified in the template; incomplete or unformatted catalogs will not be accepted.

Note that you should never email signed consent forms or catalogs to the DRC; these should be transferred via a secure File Transfer Protocol (sFTP) or another agreed upon data transfer method. 

How do I submit a data request that involves matching student records?

Some data requests involve matching student records. For example, if you collected parental consent from study subjects and wish to request records for consented students, the Data Request Committee (DRC) can match records provided by you to NYCDOE records. To ensure that match rates are high enough to produce valid results, the DRC requires the following elements to match student records.

  • Student ID (OSIS number)
  • First name
  • Last name
  • Date of birth

OR

  • First name
  • Last name
  • Date of birth
  • School code (DBN)

Submissions for requests that involve matching student records that do not include all these elements will be reviewed on a case-by-case basis. If the Committee determines that the information provided will not yield a high enough match rate for the study’s findings to be valid, the request will be rejected.

The matching procedure will only be conducted once per request, so you should ensure the accuracy of student rosters before submitting them to the DRC. Please note that file should be formatted/cleaned (e.g., student OSIS Ids are 9 digits in length), duplicates removed, etc. For information on consent form catalog requirements, see What do I need to include when a project requires consent forms?

Note that you should never email student lists to the DRC; this data should be transferred via a secured File Transfer Protocol (sFTP) or another agreed upon data transfer method.

Data sharing agreement

How do I execute a Non-Disclosure Agreement (NDA)?

What is an NDA?

A Non-Disclosure Agreement (NDA) is required for all data requests. The NDA will include relevant information from the data request form, including responses to the Parents Bill of Rights (PBoR).

The NYCDOE facilitates electronic signatures of the NDA via DocuSign. Note that requestors and requesting organizations do not need a DocuSign account in order to receive and sign the NDA.

Who can sign an NDA?

NDAs will only be accepted if they are signed by an official with the legal authority to do so on behalf of the requestor’s institution. It is your responsibility to determine who is legally authorized to sign on behalf of your affiliated institution; the NYCDOE is unable to provide assistance with this requirement.

NDA Steps

  • Data request is approved
  • The Data Request Committee sends NDA to the submitter via DocuSign
  • Submitter reviews PBoR(within NDA) responses for accuracy, initials if correct, and submit
  • Submitter receives a link to NDA via DocuSign and assigns to the institution’s signatory official
  • Institutional signatory official receive NDA from DocuSign and signs
  • Data Request Committee receives NDA for final signature
  • All parties receive a link to the fully executed NDA from DocuSign

Important Notes

Review PBoR responses carefully. You should make sure to review the PBoR responses prior to initialing as changes to these responses will necessitate a new NDA and will delay the data request process.

If modifications to the NYCDOE NDA are required, you may request a Microsoft Word version that can be edited via tracked changes and must be reviewed and approved by NYCDOE legal counsel. Note that modification requests to the NDA can significantly delay the processing of the data request and not all modification requests may be accepted.

What is the Parents Bill of Rights (PBoR)?

Pursuant to New York Education Law §2-d and 8 N.Y.C.R.R 121.3, the NYCDOE is required to add information to Non-Disclosure Agreements (NDAs) in order to inform the public about what data is shared through the NDA, for what purposes, and how it is being protected and kept secured. In order to do this, you must answer the questions in the Parents Bill of Rights for Data Privacy and Security.

In accordance with these provisions, it is necessary for you to provide a complete and accurate response to each item in the Parents Bill of Rights (PBoR). If an item is not applicable to the agreement with the NYCDOE, you must provide further explanation. Responses are subject to review and approval by the Data Request Committee (DRC). Note that responses to the PBoR may be posted publicly on the NYCDOE’s website.

A few additional considerations to keep in mind:

  • The NYCDOE reserves the right to review and reject all responses or data requests without further explanation. Note that certain response options provided in the data request form must match federal and state legal requirements, and deviations will need to be reviewed and considered on a case-by-case basis.
  • The NYCDOE considers all student and staff-level data to be Personally Identifiable Information (PII), even after direct identifiers are removed. If the data in the request includes individual-level records, you should account for this in your responses.
  • You should phrase responses so that public posting of them will not jeopardize the security of PII or data protection processes.
  • You should not refer to or use defined terms found elsewhere in the data request form or NDA; responses must stand on their own as they may be posted publicly.
  • You should ensure that the language is clear with plain English since the audience may consist of NYCDOE parents, staff, students, and other interested members of the public.

You will answer the PBoR questions in the data request form in IRBManager when you first submit your data request. You should read the instructions in the data request form carefully and fully answer the PBoR questions, in order to prevent processing delays. Once a submission has been approved, the DRC will input the responses provided directly into the PBoR, which is included as an appendix in the NDA. You will need to initial these responses to confirm their validity prior to having the agreement signed.

Can I submit a data request without an institutionally backed project?

No, data requests may only be submitted for institutionally backed projects. An institution must be willing to enter a Non-Disclosure Agreement (NDA) with the NYCDOE on the researcher's behalf. Given the sensitive nature of the data and the security requirements necessary to protect Personally Identifiable Information (PII), the NYCDOE is unable to enter into a data sharing agreement with individual researchers without institutional affiliation. All approved data requests must have a Non-Disclosure Agreement (NDA) in place before data may be transferred and signed by an individual with the authority to sign on behalf of an organization (i.e., the signatory official).

You will answer the PBoR questions in the data request form in IRBManager when you first submit your data request. You should read the instructions in the data request form carefully and fully answer the PBoR questions, in order to prevent processing delays. Once a submission has been approved, the DRC will input the responses provided directly into the PBoR, which is included as an appendix in the NDA. You will need to initial these responses to confirm their validity prior to having the agreement signed.

Can I use my personal computer to access the data?

No, given that Non-Disclosure Agreements (NDAs) are executed at the institutional level, the signing organization is responsible for the proper security, storage, and privacy of all transmitted data and is potentially liable in the case of a data breach. As a result, transmitted data must always remain on the organization’s servers and may not be transferred to third parties or individuals without written permission from the NYCDOE. Additionally, data must always remain encrypted in motion and at rest.

Graduate students and independent researchers must receive permission from their institution to maintain and access data on the institution’s server, either physically or through an institutionally-backed Virtual Private Network (VPN) service. Data may not be transferred to personal computers or devices and must only be accessed through an institutionally owned device or through an institutionally backed VPN service. 

Maintaining the data request

How do I make changes to an approved study?

You may request amendments to approved data requests to account for any changes to the initial request, including, but not limited to:

  • Data elements needed
  • Years of data needed
  • Changes in the study population
  • Changes in the data security plan
  • The addition or removal of study team members.

Note that major changes to the project, including changes to hypotheses, methodologies, and research questions may necessitate the submission of a new data request submission. If the Data Request Committee (DRC) determines that the proposed amendment significantly alters the scope of the project, amendments may be rejected, and you will be asked to submit a new data request. If you would like more information on making changes to the approved study, email RPSGresearch@school.nyc.gov.

Both amendments and continuations are submitted in the same method: you should access the original submitted form and use the “copy for amendment” icon located in IRBManager. Directions with screenshots can also be found in IRBManager.

How do I request a continuation for my study?

You should request a project continuation if you require access to data previously shared beyond the end term of the Non-Disclosure Agreement (NDA).

Continuation requests should be made at least 90 days before the expiration (see How do I know when my study will expire?) of the NDA to provide the Data Request Committee (DRC) opportunity to review the request. If the original NDA expires prior to the submission and approval of a data request continuation, all data should be destroyed, deleted, or transferred per the terms of the Parents Bill of Rights. Note that prior project approval does not guarantee a continuation approval and continuations will be reviewed on a case-by-case basis.

Both amendments and continuations are submitted in the same method: you should access the originally submitted form and use the “copy for amendment” icon located in IRBManager. Directions with screenshots can also be found in IRBManager.

How do I know when my data request will expire?

Your study expires on the end date stated in your Non-Disclosure Agreement (NDA). If your NDA is set to expire and you require continued access to data or would like to request additional years of data, you may request a Continuation. If the data request expires before continuation is granted, you must stop using the data, and all data should be destroyed, deleted, or transferred per the terms of the Parents Bill of Rights (PBoR).

If you require additional access to the data beyond the end term of the NDA, you should complete and submit a project continuation form (see How do I request a continuation for my study?). If the study is complete and no further access to the data is required, requestors should complete the following steps:

  • Destroy, delete, or transfer all data per the terms set in the PBoR.
  • Submit your publication(s) and/or final work product(s), as outlined in the NDA
  • Complete the study closure short-form
    • The form will be emailed to you directly at the conclusion of the project
  • Submit the certificate of data destruction; the certificate may be found at the end of the NDA but can also be re-sent by request.

Unless a continuation is submitted, approved, and a new NDA is signed prior to the expiration of the original agreement, you must follow all the steps outlined above. Future data requests cannot be approved until the NYCDOE has received the required documents.

Contact with more questions

Who should I contact with more questions?

Additional questions should be sent to RPSGresearch@schools.nyc.gov. A response will be provided within five business days.

Click here to download the complete FAQs for External Data Requests.

Back to Top