SECTION 1.18. Operation of Education Research Centers

Latest version.

(a) Definitions. The following words and terms, when used in this section, shall have the following meanings, unless the context clearly indicates otherwise.
(1) FERPA means the Family Educational Rights and Privacy Act, 42 U.S.C. §1232g, including regulations and informal written guidance issued by the United States Department of Education and any amendments or supplementation thereof.
(2) Cooperating Agencies means the Texas Education Agency (TEA), the Texas Higher Education Coordinating Board (CB), and the Texas Workforce Commission (TWC).
(3) P-20/Workforce Data Repository refers to the collection of data from each Cooperating Agency. The cooperating agencies shall execute agreements for the sharing of data for the purpose of facilitating the studies or evaluations at Education Research Centers (ERCs). In accordance with the agreements, each cooperating agency shall make available all appropriate data, including to the extent possible data collected by the cooperating agency for at least the preceding 20 years. A cooperating agency shall periodically update the data as additional data is collected, but not less than once each year. The repository shall be operated by the CB.
(4) The CB may enter into data agreements for data required for approved studies or evaluations with the state education agency of another state, giving priority to the agencies of those states that send the highest number of postsecondary education students to this state or that receive the highest number of postsecondary education students from this state. An agreement under this paragraph must be reviewed by the United States Department of Education and must require the agency of another state to comply with all data security measures required of a center. The CB may also enter into data agreements with local agencies or organizations that provide education services to students in this state or that collect data that is relevant to current or former students of public schools in this state and is useful to the conduct of research that may benefit education in this state.
(5) Confidential information as applied to data in the P-20/Workforce Data Repository provided to an ERC includes all individual-level data, including any data cells small enough to allow identification of an individual. All data cells containing between one and four individuals, inclusive, are confidential.
(A) Small data cells will be considered any cell containing between one and four individuals inclusive. Information may not be disclosed where small data cells can be determined through subtraction or other simple mathematical manipulations or subsequent cross-tabulation of the same data with other variables. Institutions may use any of the common methods for masking including:
(i) hiding the small cell and the next larger cell on the row and column so the size of the small cell cannot be determined; or
(ii) hiding the small cell and displaying the total for both the row and column as a range of at least ten; or
(iii) any methodology approved by the cooperating agencies.
(B) References to the CB shall also be deemed to include the Commissioner of Higher Education. References to the TEA shall also be deemed to include the Commissioner of Education. References to the TWC shall also be deemed to include the Workforce Commissioners.
(b) Purpose.
(1) ERCs shall be established by the CB. An ERC may only be established at a sponsoring public institution of higher education in Texas but may be awarded to a consortium of such institutions. An ERC must be physically located within Texas and must retain all data at that location except for secure off-site data back-up in accordance with written procedures approved by the Advisory Board. Individual level data from the ERC P-20/Workforce Data Repository may not be provided to a researcher except in the following ways:
(A) individual level data may be provided to a researcher at a Research Center or the CB or a public institution of higher education located in Texas that is an acknowledged consortium member of the ERC; or
(B) individual level data may be accessed by approved researchers via secure, restricted, VPN remote access provided all other provisions of this chapter are met and established policies are followed regarding additional controls.
(2) The CB is responsible for general oversight and technical assistance of ERCs, except as otherwise provided in this chapter. All policy decisions shall be approved by the CB.
(3) Sponsoring institutions of higher education are responsible for all equipment, salaries and other operating costs of an ERC, including documented staff time and equipment at TEA and the CB necessary to prepare and maintain data for the ERCs, as well as reasonable reimbursable expenses of the Advisory Board. Costs will include actual documented expenses up to two full-time equivalent employees at TEA and CB along with associated data storage costs as set by DIR for the data center consolidation rates unless otherwise agreed to by the CB and the ERCs.
(4) The ERCs may provide researchers access to shared data only through secure methods and require each researcher to execute an agreement regarding compliance with the Family Educational Rights and Privacy Act of 1974 (20 U.S.C. §1232g) and rules and regulations adopted under that Act. Each ERC shall adopt rules or policies to protect the confidentiality of information used or stored at the center in accordance with applicable state and federal law, including rules or policies establishing procedures to ensure that confidential information is not duplicated or removed from an Education Research Center or from a remote access interface in an unauthorized manner.
(c) Advisory Board.
(1) The Commissioner of Higher Education shall create and maintain an advisory board to review and approve, as it deems appropriate, research involving access to confidential information and to adopt policies and rules governing the protection of such information in ERC operations. The Advisory Board is considered to be a governmental body for purposes of Chapters 551 and 552 of the Texas Government Code.
(2) Membership of the Advisory Board shall include, at a minimum:
(A) the Commissioner of Higher Education, as Chair;
(B) a representative of TEA, designated by the Commissioner of Education;
(C) a representative of the CB, designated by the Commissioner of Higher Education;
(D) a representative of the TWC, designated by the Commission;
(E) the Director or Director's designee of each ERC; and
(F) a representative of preschool, elementary, or secondary education, designated by the Commissioner of Higher Education.
(G) Additional member(s) may be appointed within the discretion of and as determined by the Commissioner of Higher Education.
(3) The Advisory Board will review each study or evaluation proposal. A study or evaluation proposal must be approved in advance by majority vote of the Advisory Board before it can be conducted at an ERC. The Advisory Board's review of a proposal must include the following factors:
(A) the potential to benefit education in Texas;
(B) require each ERC Director or designee to approve of the research design and methods to be used; and
(C) the extent to which the required data is not readily available from another source.
(4) The Advisory Board will decide if a submitted proposal falls under the "studies" exception or the "audit/evaluation" exception described in FERPA and its implementing regulations. Should a proposed study or evaluation not be permitted by FERPA or its implementing regulations, the proposal will be denied.
(5) Each ERC will enter into a written agreement with each researcher mandating the researcher's compliance with FERPA.
(6) The Advisory Board shall meet at the call of the Chair at least quarterly each year and such meetings will be open to the public.
(7) Meetings may be conducted by electronic means, including telephonic, video conference call, Internet, or any combination of those means.
(8) The Advisory Board may create committees and subcommittees as it deems necessary or appropriate.
(d) Operation.
(1) An ERC may operate only under written authorization by the CB. Status as an ERC may not be assigned, delegated or transferred to any other entity.
(2) An ERC shall be led by a managing Director who is a professional employee of the sponsoring institution of higher education (IHE). The managing Director shall report directly to the chief operating officer of the sponsoring IHE unless a different reporting structure is approved by the CB.
(3) All research at an ERC involving access to confidential information shall be conducted with the approval of the Advisory Board or by request of the Texas Workforce Commission, Commissioner of Higher Education or the Commissioner of Education if the requesting agency provides sufficient funds to the ERC to finance the project. All remote access research at an ERC involving access to confidential information shall be conducted with the approval of the Advisory Board.
(4) Confidential information provided to an ERC shall be protected by procedures to ensure that any unique identifying number is not traceable to any individual. Such procedures must be maintained as confidential by TEA and the CB and may not be shared with an ERC, or used for any other purpose. Under no circumstances may social security numbers, names, or birthdates be accessed for the purpose of research at an ERC.
(5) ERCs shall adopt written procedures for research conducted using confidential information, subject to FERPA and its implementing regulations and approval by the Advisory Board. An ERC may not access confidential information until all such procedures are approved. Such procedures shall include:
(A) measures to ensure against unauthorized disclosure of confidential information;
(B) independent review of all research products/results by a designated ERC staff person not involved in that specific project to ensure against unauthorized disclosure of confidential information in accordance with guidelines adopted under FERPA;
(C) measures to ensure that confidential information is not copied or removed from the ERC;
(D) annual certification of full compliance with all requirements of state and federal laws and regulations regarding the use of confidential information for research purposes by the internal auditor of each participating IHE;
(E) before final approval of a research proposal by the Advisory Board, the researcher must certify that the research proposal complies with the IHE's institutional review board or similar research review board with oversight over research design, including any applicable requirements for research involving human subjects the ERC shall provide evidence of approval from the IRB or justification for exclusion from the IRB process before a researcher has access to any data; and
(F) criteria for allocating research access capacity for researchers not affiliated with the sponsoring IHEs.
(6) All final research reports or analysis produced at an ERC shall:
(A) be made available upon request to the cooperating agencies;
(B) a single copy shall be made available to the cooperating agencies for any copyright publications at no cost to the cooperating agencies; institutionally produced or non-copyright publications shall be available for public distribution, copying or reproduction at no cost to the cooperating agencies;
(C) contain a disclaimer in a form acceptable to the cooperating agencies stating that the conclusions of the research do not necessarily reflect the opinion or official position of those entities or of the State of Texas;
(7) An ERC shall comply with the requirements of the Texas Public Information Act, including requirements relating to data manipulation. Charges for processing Public Information Act requests shall be based on guidelines developed by the Texas Attorney General's Office.
(8) A sponsoring IHE shall cooperate fully with all audit requests made by the CB or the Advisory Board. Each ERC shall annually request and undergo a security audit performed by the Texas Department of Information Resources, or a contractor approved by that Department, which shall include a penetration test of computer equipment and access, and provide the results thereof to the CB.
(9) Research projects that require access to data not then included in the database maintained by the CB for research will be provided by the cooperating agencies if available. An ERC will be charged the cost to process or manipulate such data.
(e) Sanctions and Termination.
(1) Upon a determination that confidential information has been released or has been copied to another location, or that appropriate security measures are not in place to protect confidential information, the CB may, in addition to other remedies set forth in this section, require an ERC to obtain appropriate services or equipment or to remove confidential information from such other location in order to remedy a security deficit. Such services or equipment shall be purchased by the ERC from vendors subject to approval of the CB.
(2) The ERC under review shall be required to pay all reasonable costs to the CB for time necessary to re-audit and ensure appropriate security measures are in place after a possible breech occurs.
(3) An ERC may be terminated by the CB for failure to meet the requirements of state or federal law, of this subchapter, or of the terms of a contract establishing the ERC. An ERC shall be entitled to an informal review of a determination to terminate its status by a designee of the Commissioner of Higher Education prior to the effective date of the termination. An ERC shall return all confidential data to the CB within five (5) days of its receipt of a notice of termination and shall not retain a copy, replica, or duplicate thereof, whether in whole or in part. The Commissioner of Higher Education may suspend an ERC while determining whether the ERC's failure to meet the requirements of state or federal law, of this subchapter, or of the terms of a contract establishing the ERC are of such significance to warrant termination. An ERC may not operate during any period of time it is suspended.
(4) Notice of termination under paragraphs (1) and (2) of this subsection shall be provided to the ERC's designated representative and shall contain information regarding the reasons for the termination.
(5) A termination made pursuant to this section shall become final and binding unless, within 30 days of its receipt of the notice of termination, the ERC invokes the administrative remedies contained in Subchapter B of this chapter (relating to Dispute Resolution). If this chapter is so invoked, any ultimate recommendations regarding termination shall be made to the CB which, in turn, shall render its decision in due course. The ERC shall be suspended during the pendency of any such proceedings.
(f) Security.
(1) An ERC must comply with all requirements of FERPA in accessing confidential information to conduct research. Notwithstanding any other provision in this subchapter, failure to maintain adequate security to avoid the unauthorized disclosure of confidential information provided to the ERC shall be grounds for immediate termination of the authorization to access such data.
(2) The CB may suspend access to confidential information provided to an ERC based on a significant risk of unauthorized disclosure of confidential information.

Source Note: The provisions of this §1.18 adopted to be effective August 15, 2007, 32 TexReg 4968; amended to be effective February 18, 2008, 33 TexReg 1324; amended to be effective November 21, 2013, 38 TexReg 8191; amended to be effective June 6, 2016, 41 TexReg 3995; amended to be effective August 16, 2020, 45 TexReg 5510

                    
                        var val = document.getElementById('citecontent').innerHTML;
                        art.dialog.defaults.title = window.location.href;
                        art.dialog.data('cite', val);
                        art.dialog.data('homeDemoPath', '/Scripts/plus/artDialog/');
                        art.dialog.open('/Scripts/plus/artDialog/citeiframe.html');