How does my institution become a member?
Download our Membership Agreement and return either a redline copy (if your internal process of evaluation leads you to wish to propose changes) or a signed copy (if no changes are needed) to Karen Woollams (woollams at umich.edu) and Jason Owen-Smith (jdos at umich.edu). We will route the agreement through our internal processes and an attorney from the University of Michigan will be in touch.
Who is the primary legal contact if I have questions about the agreement?
The primary legal contact is Patrick Woods, Office of Research & Sponsored Projects.
Address: 3003 S State Street 1034 WT
Ann Arbor MI 48109-1274
Email: pajwoods at umich.edu
You may also direct questions to Jason Owen-Smith, IRIS Executive Director.
Why do you need identified data?
We plan to use the identified data entirely for the purposes of linkage to other data sources. In particular we’ll be making links to patents, publications, and potentially (depending on agreements we’re negotiating) to things like Proquest dissertation data using computational name matching methods. These linkages allow us to conduct research and report much more fully on the process and products of research.
Why does IRIS ask for employee name and date of birth?
When data are linked to Census datasets, a matching process is used that searches within employees of your institution to match on name and then relies on year and month of birth information to distinguish among individual employees who share the same name. The EIN numbers you provide to IRIS are also essential to this process. Once data are linked, an anonymized persistent identifier is assigned and other identifying fields are stripped; the data then undergo rigorous disclosure review at Census as an extra step to reduce the possibility of re-identification. No name-linked data are ever released by IRIS; rather, only aggregate data are reported. Our work with Census has indicated that a full DOB isn’t necessary to make a good match to their datasets. Name only yields a match rate of about 75%; adding birth year or month increases the match rate to about 87%, and using name and month/year of birth increases the match rate to over 96%. It is our practice to collect the minimum amount of data to obtain maximum results.
How long will you keep my restricted data?
The identifiable data are retained by IRIS until a campus determines that it does not want to continue participation at which point (as described in the Membership Agreement) they will be destroyed. The de-identified data that they were used to produce will not be, we will retain that for the purposes of replication. We anticipate returning to members with a request for renewal as the three year term of initial agreements comes to an end.
Are you IRB approved?
IRIS is an IRB approved data repository at the University of Michigan (IRB # REP00000017).
Who else will have access to my restricted data?
Under the terms of the IRIS Membership Agreement, access to restricted data from your institution is limited to approved IRIS Nodes and IRIS partners. Nodes are organizations under contract with IRIS to improve the data using the IRIS data system. Partners are organizations that are approved to receive whole or partial copies of restricted data for the purposes of improving them in their own data systems. Nodes and partners will both need to be approved by the IRIS governing board, which will be empaneled by the beginning of 2016. The only partner currently participating in IRIS is the U.S. Census Bureau.
What will happen to my data at the U.S. Census Bureau?
When the data arrive at Census they the PII data to make a match between the UMETRICS data and a restricted file at Census called the Numident. That match allows Census to assign an individual a Protected Identification Key (PIK). In pilot studies we found that name plus month and year of birth yields about a 99.3% match rate. With name alone we get about 75% and primarily miss people who have the same surname. Without the PII the match and assignment of a PIK at the individual level is impossible. Once the match is made PII is stripped from the data and all future individual level data integration and work in the Census context proceed using the PIK. Those de-identified data will eventually be made available through the Census Research Data Center System (see an example of the RDC at Michigan). Access to data through the RDC is managed by Census and requires that a project be approved by the Census Bureau and that a researcher receive special sworn status as a Department of Commerce contractor, a process that requires a full background check. The RDC system releases statistical results from approved projects after a strict disclosure proofing process that is designed to prevent the secondary re-identification of an individual or organization. It is a felony to disclose any information about organizations or individuals from the Title 13 and Title 26 protected Census data.
Does signing the Membership Agreement obligate me to submit every data field?
While the quality and completeness of the reports your campus will receive depend on the data you submit, you are not obligated to provide every data field we request. You may choose to participate in IRIS while only submitting some data. You may not receive all the reports we could generate for you, however, and the membership fee is unchanged. We are happy to provide as clear a picture of how exclusion of particular data fields might affect reports.
How will IRIS protect my data?
IRIS has a FISMA compliant security architecture that combines technical, physical, and institutional safeguards to insure the security of data submitted by our members. More details are available in the IRIS Data Management Plan.
What does my campus need to do to participate fully?
In addition to preparing to submit data, each participating campus must make a yearly financial contribution that will be used solely to support the infrastructure necessary to maintain IRIS as an independent data resource built by and for universities and their researchers. In addition each campus must identify a primary communications contact and a primary data contact who together will serve as a point people for IRIS to work with your campus.
Does the inclusion of students in the research administration data trigger FERPA?
Ultimately, this is a question each campus must answer with its own Office of General Counsel. If your campus determines that information about student employees is protected under FERPA, the IRIS MOU includes provisions that can enable you to share these data under the FERPA study exception (34 C.F.R. 99.31(a)(6)). Please do not hesitate to contact us directly if you have any questions or would like us to arrange an attorney-to-attorney conversation with the Michigan Office of General Counsel.
We hope your campus will decide to include student information in the dataset so that IRIS can return complete data reports to you and to facilitate systematic study of the value of research and research investment using the de-identified secondary data IRIS produces in its role as an IRB approved data repository.
How much time does it usually take to pull together the data on our end?
Compiling and transmitting administrative data from your HR, procurement, and research systems may feel daunting but we will walk you through this process step by step. We estimate the initial data transmission will take about 40 hours of institutional effort, and considerably less time for subsequent transmissions. Institutions that participated in the federal STAR METRICS program find it takes only about 10 hours to adapt existing scripts for the initial transmission of data to IRIS.
We’re a private institution. What about FOIA?
In 1994, the State of Michigan passed the Confidential Research and Investment Information Act (CRIIA) to protect confidential research, intellectual property, and trade secret records maintained by any public university or college in Michigan. Under CRIIA, data provided to a public university in Michigan by a private external source may be withheld from disclosure if all the following conditions are met:
- The information is used exclusively for research, testing, evaluation, and related activities;
- The information is designated as confidential by the external source before or at the time it is received;
- The University has entered into an authorized agreement to keep the information confidential; and
- A document containing a general description of the information to be received under the confidentiality agreement, the term of the agreement, the name of the external entity with whom the agreement was made, and a general description of the nature of the intended use for the information, is recorded by the University within 20 regular working days after it is received.
The University of Michigan’s General Counsel and FOIA Office have determined that your data submission meets the requirements for an exception to FOIA requests under CRIIA. Our Agreement specifies that all FOIA requests will be reviewed accordant to any applicable FOIA exceptions, including, to the extent the institution depositing data with IRIS is a private entity and the materials have been clearly designated as confidential, the Confidential Research and Investment Information Act (CRIIA).
Download Membership FAQ in PDF