De-Identified, Individual-level Requests

What question(s) do you want answered?

Though optional, consulting with the Data Team prior to submitting a data request can help your request run more smoothly. The Data Team can provide suggestions on what available data might help to address a requestor’s research questions.

All requests are subject to data owner approval.

De-identified, individual-level requests require additional documentation such as training certifications, confidentiality forms, and (as applicable) IRB applications/approvals for studies to ensure data users understand how to protect sensitive data. Data in the Statewide Longitudinal Data System still belong to the Hawai‘i state departments it originated from. All requests for data must be approved by data owners before they can be processed.

There is a minimum 10-day review period for data owners to approve/disapprove requests.

Data Team conducts the analyses for your request.

The Data Team compiles the necessary data elements and validates the datasets to ensure the reliability of the data.

Time needed for this step depends on the complexity request and/or other projects already in process.

Dataset sent to you. 

De-identified datasets are sent to you for analyses and used as notated in your approved data request. Data may not be used for any other purpose. Please contact the Data Team first before using the data for a different purpose. Data owners need to first approve the additional use of the data.

Data products sent to the DXP for data owner review. 

Data in any form cannot be shared outside of the data users listed on your data request until the data products [hover over definition: Data products include aggregate tables, charts/visuals, statistical analyses, etc. created from the data] have been approved by data owners. Data products to be shared must be in aggregate format with small cell suppression (<5 numerator and/or <10 denominator) with complementary suppression as needed to protect any individuals from being identified.

Data products/views are required to be sent to the DXP for data owner review. Data owners do not review for content, but to ensure data was correctly suppressed to protect individual confidentiality and privacy.

There is a minimum 10-day review period for data owners to review the data. If they have any concerns, the Data Team will work with the requestor to address any issues and resubmit the data for review.

Requestors are notified when their data products/views have been approved for release beyond listed data users.

Datasets are securely destroyed by data users.

All data users listed on the data request must securely delete the original, individual-level dataset(s), along with any individual-level information derived from the original dataset(s) after the project has been completed. Data users must then each submit a DXP Certification of Data Destruction to the DXP.

Dataset may be kept through audit periods as approved on the data request or datasets can be returned to the Data Team to hold on to until the end of the audit period.

For more information on securely deleting files, see: https://www.hawaii.edu/askus/672 and https://www.hawaii.edu/askus/706 and/or https://www.nist.gov/publications/nist-special-publication-800-88-revision-1-guidelines-media-sanitization.