Restricted Data

RAND ALP has prepared a Restricted Data file, which currently includes respondent ZIP Code and full birth date (day, month, and year).

Only researchers employed by an organization with a current Federal Wide Assurance (FWA) Certificate, or researchers that defer to RAND's HSPC, can apply to use the Restricted Data.

The process for all applications is the same regardless of specific restricted variables requested, and involves the following steps:

  1. The applicant submits a preliminary application to The preliminary application should include a brief, (no more than 2-page) proposal outlining the research question(s) they wish to address, the specific restricted data they want to use with justification for the variable(s), and analysis plan. The preliminary application should also include a detailed Restricted Data Protection Plan, following the guidelines provided below.
  2. When RAND ALP approves the data safeguarding plan and other parts of the preliminary application, the applicant then submits the application package to their home IRB [or RAND's HSPC if their institution does not have an IRB] for review. RAND ALP has prepared the Memorandum and Certification Form for the Institutional Review Board for Human Subjects for the researcher's IRB. The IRB must complete this form indicating that the board has reviewed and approved the Research Proposal and Data Protection Plan that specifically deal with respondent anonymity, data security, and compliance with the Restricted Data Use Agreement.
  3. If the IRB approves the application and completes the form, the final step is signature of Restricted Data Use Agreement by the researcher and an official from his/her institution who has authority to sign contracts.

This Restricted Data Use Agreement is a legal document between the Restricted Data Investigator, his/her employer, and RAND. The primary goal of this agreement is to insure that: (a) researchers understand the terms under which they have access to the data, (b) they will protect the security of the data, and (c) they will not try to identify RAND ALP respondents.

Once signed by all relevant parties, the Agreement and all attachments must be sent as a package to RAND containing the following:

RAND will have full discretion in deciding whether to approve an application for access to Restricted Data. RAND may request additional information from applicants or request changes to the Data Protection Plan. When RAND decides that all requirements are met, a representative from RAND will sign the Restricted Data Use Agreement and return a copy of the fully executed agreement to the applicant along with a copy of the data.

Data Protection Plan Requirements and Guidelines for ALP Restricted Data

This section describes the required contents of the Data Protection Plan for ALP Restricted Data. It describes the basic information that all Data Protection Plans should include, the type of protection expected, and the disclosure rules for presenting and publishing results on these data.

The Data Protection Plan is an important part of the signed agreement between RAND and the Restricted Data Investigator's home institution. All members of the research team with access to the Restricted Data are contractually obligated to follow all aspects of the Data Protection Plan.

The fundamental goal of the protections outlined in this plan is to prevent persons who are not signatories to the Restricted Data Use Agreement or the Supplemental Agreement with Research Staff from accessing the data. RAND will not approve the preliminary application if the plan is not written with sufficient specificity, or if RAND does not deem the data protections to be adequate.

The Data Protection Plan applies to the original RAND ALP Restricted Data files received from RAND (regardless of its format), to any copies made by the research team, and to any new data derived solely or in part from the original RAND ALP Restricted Data files. The plan also should address how computer output derived from the data (for example, case listings and printouts), will be protected and disposed of securely.

The Data Protection Plan must describe the following elements of the work and computing environments.

  1. List and describe all locations where the original and any copies of the data will be kept (and provide building name, street address, and room numbers);
  2. Describe the computing environment in which the data will be used, including:
    • Computing platform (e.g., personal computer, workstation, mainframe) and operating system
    • Number of computers on which data will be stored or analyzed
    • Whether PCs used in the research project will be on a network or will be stand-alone
    • Physical environment in which computer is kept (e.g., in room with public access, in room locked when not in use by research staff)
    • A list and description of all devices on which data will be stored (e.g., network server, mainframe computer storage device, PC hard drive, removable storage device such as CD, floppy drive, or zip drive)
    • Methods of data storage when data are not being used
    • Methods of transmitting the data between research team members (if applicable)
    • Methods of storage of computer output both in electronic form and in hard copy (on paper or other media)
    • Instruction in data protection policies that will be provided to each staff member and student before they receive access to the data as well as recurrent instruction that will be conducted at least annually.

Types of Protection Expected

Although a successful Data Protection Plan may vary across research projects and depend on the host institution, it should include essentially all of the following features or their equivalent:

The Restricted Data Investigator must regularly monitor procedures for use of the data by all project staff and collaborators. Clear rules about Restricted Data use should be posted in a location that is readily visible to staff. At the conclusion of the research project, all the original ALP Restricted Data media must be returned to RAND and all data files and unpublished printouts must be destroyed.

Disclosure Rules

The Data Protection Plan must carefully describe how researchers and staff members will avoid inadvertent disclosure of respondents' geographic locations or identity in all working papers, publications, and presentations.

At minimum, researchers must explicitly agree to exclude from any type of publication or presentation, the following information:

IRB Review Requirements

ALP and RAND require that applicants submit their application, including the ALP-reviewed and approved data safeguarding plan, to their home institution for a review.

All applicants are required to have their IRB complete the Memorandum and Certification Form for the Institutional Review Board for Human Subjects.

ALP Restricted Data Users Annual Report

An Annual Report is due on the anniversary of your restricted data user agreement. It is submitted electronically to and must include the following items:

  1. An updated Research Plan and Data Protection Plan, if there have been changes to either of these plans, or a note stating that there have been no changes
  2. The most recent annual approval notice from your Institutional Review Board
  3. An updated list of all project team members that shows individuals who have joined the project as well as those who have left
  4. A list and electronic copies of all publications and documents using the restricted data including slides or posters from presentations, working papers, dissertations, theses, manuscripts, reports, book chapters, and published or forthcoming journal articles prepared since the beginning of the project or since the previous submission of these materials

Continuing or Ending your Restricted Use Agreement

Researchers and project team members may use the data only for the time period specified on the Restricted Use Data Agreement, or, if no dates are specified, for two years from the effective date of the contract.

Restricted Data Users may extend or renew their agreements to use the data.


Restricted Data Users who are up-to-date with their Annual Reports may request an extension of their use of the data for up to one year.

To request an extension, please submit the following items:

End of Contract

At the end of the Agreement, Restricted Data Users must return the data to RAND along with an End of Agreement form.

RAND ALP Restricted Data Agreements FAQs

Answers to frequently asked questions about RAND ALP Restricted Data agreements are listed below. Contact us for any additional information or for answers to other questions.

What happens if the Restricted Data Investigator changes institutions?
Changes in the home institution of the Restricted Data Investigator require the submission of a new application or return of the data.
What if someone joins the project team?
In order for any new project team members to use the RAND ALP Restricted Data, the Restricted Data Investigator must fill out, sign, and submit to RAND two copies of the Supplemental User Agreement for each additional staff member. The new staff member may begin using the data after the agreement has been signed by RAND and returned to the Restricted Data Investigator, and the Restricted Data Investigator has informed the local IRB about the new staff member's access to the RAND ALP Restricted Data. Similarly, if a member of the project team is no longer using the data, the Restricted Data Investigator should notify RAND and the local IRB of this change. Any and all changes to staff should be listed in the Annual Report submitted to RAND.
What if my Data Protection Plan changes?
Significant changes to your Data Protection Plan require that a new plan be submitted to RAND for approval. Please consult with the RAND ALP staff to determine whether the planned change in data safeguarding procedures will warrant the submission of a new plan.
What should I do when my project ends?
When your project ends, the Restricted Data must be returned to RAND and all copies and backups must be destroyed. Please complete and return an End of Agreement form and return this form to RAND with the Restricted Data.
What if my project is extended and I need to continue using the data?
If your Annual Reports are up to date, you may extend your use of the data for up to one year. Please submit the following items: a written request (maximum length of one page) and a completed and signed Extension Request Form. Please note that only a single extension to a Restricted Data contract is allowed. At the end of the one-year extension, the Restricted Data must be returned to RAND. Continued use of the Restricted Data beyond the one-year extension will require a new application.
Who should I notify if an article using the data is published?
Please send an email to with a complete citation and a link to the article (if available). Please also let us know about dissertations and papers presented at conferences.
When is my Annual Report due?
Your Annual Report is due to RAND each year on the date that your contract was signed by RAND.
What if my research plan changes substantially or I would like to study a new topic using the RAND ALP Restricted Data?
In either of these cases, a new application is necessary.
I am a graduate student and would like to use RAND ALP Restricted Data for my dissertation. How should I apply to use these data?
Your faculty advisor must serve as the Restricted Data Investigator in the application to use the RAND ALP Restricted Data. You can be included in the application as a supplementary user of the restricted data.