|(a) Definitions. The following words and terms, when
used in this section, shall have the following meanings, unless the
context clearly indicates otherwise.
(1) FERPA means the Family Educational Rights and Privacy
Act, 42 U.S.C. §1232g, including regulations and informal written
guidance issued by the United States Department of Education and any
amendments or supplementation thereof.
(2) Cooperating Agencies means the Texas Education
Agency (TEA), the Texas Higher Education Coordinating Board (CB),
and the Texas Workforce Commission (TWC).
(3) P-20/Workforce Data Repository refers to the collection
of data from each Cooperating Agency. The cooperating agencies shall
execute agreements for the sharing of data for the purpose of facilitating
the studies or evaluations at Education Research Centers (ERCs). In
accordance with the agreements, each cooperating agency shall make
available all appropriate data, including to the extent possible data
collected by the cooperating agency for the preceding 20 years. A
cooperating agency shall periodically update the data as additional
data is collected, but not less than once each year. The repository
shall be operated by the CB.
(4) The CB may enter into data agreements for data
required for approved studies or evaluations with the state education
agency of another state, giving priority to the agencies of those
states that send the highest number of postsecondary education students
to this state or that receive the highest number of postsecondary
education students from this state. An agreement under this paragraph
must be reviewed by the United States Department of Education and
must require the agency of another state to comply with all data security
measures required of a center. The CB may also enter into data agreements
with local agencies or organizations that provide education services
to students in this state or that collect data that is relevant to
current or former students of public schools in this state and is
useful to the conduct of research that may benefit education in this
(5) Confidential information as applied to data in
the P-20/Workforce Data Repository provided to an ERC includes all
individual-level data, including any data cells small enough to allow
identification of an individual. All data cells containing between
one and four individuals, inclusive, are confidential.
(A) Small data cells will be considered any cell containing
between one and four individuals inclusive. Information may not be
disclosed where small data cells can be determined through subtraction
or other simple mathematical manipulations or subsequent cross-tabulation
of the same data with other variables. Institutions may use any of
the common methods for masking including:
(i) hiding the small cell and the next larger cell
on the row and column so the size of the small cell cannot be determined;
(ii) hiding the small cell and displaying the total
for both the row and column as a range of at least ten; or
(iii) any methodology approved by the cooperating agencies.
(B) References to the CB shall also be deemed to include
the Commissioner of Higher Education. References to the TEA shall
also be deemed to include the Commissioner of Education. References
to the TWC shall also be deemed to include the Workforce Commissioners.
(1) ERCs shall be established by the CB. An ERC may
only be established at a sponsoring public institution of higher education
in Texas but may be awarded to a consortium of such institutions.
An ERC must be physically located within Texas and must retain all
data at that location except for secure off-site data back-up in accordance
with written procedures approved by the Advisory Board. Individual
level data may not be provided to a researcher at a location other
than a Research Center or the CB or a public institution of higher
education located in Texas that is an acknowledged consortium member
of the ERC.
(2) The CB is responsible for general oversight and
technical assistance of ERCs, except as otherwise provided in this
chapter. All policy decisions shall be approved by the CB.
(3) Sponsoring institutions of higher education are
responsible for all equipment, salaries and other operating costs
of an ERC, including documented staff time and equipment at TEA and
the CB necessary to prepare and maintain data for the ERCs, as well
as reasonable reimbursable expenses of the Advisory Board. Costs will
include actual documented expenses up to two full-time equivalent
employees at TEA and CB along with associated data storage costs as
set by DIR for the data center consolidation rates unless otherwise
agreed to by the CB and the ERCs.
(4) The ERCs may provide researchers access to shared
data only through secure methods and require each researcher to execute
an agreement regarding compliance with the Family Educational Rights
and Privacy Act of 1974 (20 U.S.C. §1232g) and rules and regulations
adopted under that Act. Each ERC shall adopt rules or policies to
protect the confidentiality of information used or stored at the center
in accordance with applicable state and federal law, including rules
or policies establishing procedures to ensure that confidential information
is not duplicated or removed from a center in an unauthorized manner.
(c) Advisory Board.
(1) The Commissioner of Higher Education shall create
and maintain an advisory board to review and approve, as it deems
appropriate, research involving access to confidential information
and to adopt policies and rules governing the protection of such information
in ERC operations. The Advisory Board is not a governmental body for
purposes of Chapters 551 and 552 of the Texas Government Code.
(2) Membership of the Advisory Board shall include,
at a minimum:
(A) the Commissioner of Higher Education, as Chair;
(B) a representative of TEA, designated by the Commissioner
(C) a representative of the CB, designated by the Commissioner
of Higher Education;
(D) a representative of the TWC, designated by the
(E) the Director or Director's designee of each ERC;
(F) a representative of preschool, elementary, or secondary
education, designated by the Commissioner of Higher Education.
(G) Additional member(s) may be appointed within the
discretion of and as determined by the Commissioner of Higher Education.
(3) The Advisory Board will review each study or evaluation
proposal. A study or evaluation proposal must be approved in advance
by majority vote of the Advisory Board before it can be conducted
at an ERC. The Advisory Board's review of a proposal must include
the following factors:
(A) the potential to benefit education in Texas;
(B) require each ERC Director or designee to approve
of the research design and methods to be used; and
(C) the extent to which the required data is not readily
available from another source.
(4) The Advisory Board will decide if a submitted proposal
falls under the "studies" exception or the "audit/evaluation" exception
described in FERPA and its implementing regulations. Should a proposed
study or evaluation not be permitted by FERPA or its implementing
regulations, the proposal will be denied.
(5) Each ERC will enter into a written agreement with
each researcher mandating the researcher's compliance with FERPA.
(6) The Advisory Board shall meet at the call of the
Chair at least quarterly each year and such meetings will be open
to the public.
(7) Meetings may be conducted by electronic means,
including telephonic, video conference call, Internet, or any combination
of those means.
(8) The Advisory Board may create committees and subcommittees
as it deems necessary or appropriate.
(1) An ERC may operate only under written authorization
by the CB. Status as an ERC may not be assigned, delegated or transferred
to any other entity.
(2) An ERC shall be led by a managing Director who
is a professional employee of the sponsoring institution of higher
education (IHE). The managing Director shall report directly to the
chief operating officer of the sponsoring IHE unless a different reporting
structure is approved by the CB.
(3) All research at an ERC involving access to confidential
information shall be conducted with the approval of the Advisory Board
or by request of the Texas Workforce Commission, Commissioner of Higher
Education or the Commissioner of Education if the requesting agency
provides sufficient funds to the ERC to finance the project.
(4) Confidential information provided to an ERC shall
be protected by procedures to ensure that any unique identifying number
is not traceable to any individual. Such procedures must be maintained
as confidential by TEA and the CB and may not be shared with an ERC,
or used for any other purpose. Under no circumstances may social security
numbers, names, or birthdates be accessed for the purpose of research
at an ERC.
(5) ERCs shall adopt written procedures for research
conducted using confidential information, subject to FERPA and its
implementing regulations and approval by the Advisory Board. An ERC
may not access confidential information until all such procedures
are approved. Such procedures shall include:
(A) measures to ensure against unauthorized disclosure
of confidential information;
(B) independent review of all research products/results
by a designated ERC staff person not involved in that specific project
to ensure against unauthorized disclosure of confidential information
in accordance with guidelines adopted under FERPA;
(C) measures to ensure that confidential information
is not copied or removed from the ERC;
(D) annual certification of full compliance with all
requirements of state and federal laws and regulations regarding the
use of confidential information for research purposes by the internal
auditor of each participating IHE;
(E) before final approval of a research proposal by
the Advisory Board, the researcher must certify that the research
proposal complies with the IHE's institutional review board or similar
research review board with oversight over research design, including
any applicable requirements for research involving human subjects
the ERC shall provide evidence of approval from the IRB or justification
for exclusion from the IRB process before a researcher has access
to any data; and
(F) criteria for allocating research access capacity
for researchers not affiliated with the sponsoring IHEs.
(6) All final research reports or analysis produced
at an ERC shall:
(A) be made available upon request to the cooperating
(B) a single copy shall be made available to the cooperating
agencies for any copyright publications at no cost to the cooperating
agencies; institutionally produced or non-copyright publications shall
be available for public distribution, copying or reproduction at no
cost to the cooperating agencies;
(C) contain a disclaimer in a form acceptable to the
cooperating agencies stating that the conclusions of the research
do not necessarily reflect the opinion or official position of those
entities or of the State of Texas;
(7) An ERC shall comply with the requirements of the
Texas Public Information Act, including requirements relating to data
manipulation. Charges for processing Public Information Act requests
shall be based on guidelines developed by the Texas Attorney General's
(8) A sponsoring IHE shall cooperate fully with all
audit requests made by the CB or the Advisory Board. Each ERC shall
annually request and undergo a security audit performed by the Texas
Department of Information Resources, or a contractor approved by that
Department, which shall include a penetration test of computer equipment
and access, and provide the results thereof to the CB.
(9) Research projects that require access to data not
then included in the database maintained by the CB for research will
be provided by the cooperating agencies if available. An ERC will
be charged the cost to process or manipulate such data.
(e) Sanctions and Termination.
(1) Upon a determination that confidential information
has been released or has been copied to another location, or that
appropriate security measures are not in place to protect confidential
information, the CB may, in addition to other remedies set forth in
this section, require an ERC to obtain appropriate services or equipment
or to remove confidential information from such other location in
order to remedy a security deficit. Such services or equipment shall
be purchased by the ERC from vendors subject to approval of the CB.
(2) The ERC under review shall be required to pay all
reasonable costs to the CB for time necessary to re-audit and ensure
appropriate security measures are in place after a possible breech