The VDE Application Process

DSDR intakes applications to access restricted-use data electronically via the ICPSR Virtual Data Enclave (VDE) Management System. Requirements for accessing data through the VDE align with protocols for accessing data via other methods. One capability of the VDE is the facilitation of team science. DSDR provides the VDE as a free service to researchers. The ICPSR Virtual Data Enclave Documentation page provides information on various aspects of using the VDE including a list of available software.

The VDE Management System allows applicants to provide project information, add research staff (users), and manage their application. The applicant submits completed documents, including the Restricted Data Use Agreement, Data Security Plan(s), and Confidentiality Pledge(s) via email and DSDR staff upload these documents to the system. Submitted applications are reviewed by DSDR staff. The entire process from submission to approval takes about one week on average, but it can vary based on the quality of a submitted application, the responsiveness of the investigator throughout the review process, and the volume of requests being reviewed by DSDR at any given time.

To apply for access to restricted-use data, select the Restricted Data button on the study home page. A pop-up box will open with an option to begin the application process for access via Secure Download or the Virtual Data Enclave. After selecting Virtual Data Enclave:

  • Create an Online VDE Application 
    • Principal Investigator contact information
    • Research project title (must match IRB Approval/Exemption)
    • Research project description
    • Research abstract
    • Funding (Note: may put NA or none if no funding for project)
    • Data selection (Note: In this section, researchers are able to add datasets covered by the same legal agreement to their application)
  • Submit all documentation: Upon creating a VDE project, you will receive an email with a link to download the Restricted Data Use Agreement, Data Security Affirmations, and Confidentiality Pledge. The following documentation must be submitted to DSDR-restricted-data@umich.edu in order for a VDE application to be reviewed:
    • Restricted Data Use Agreement (RDUA): This agreement must be signed by the Principal Investigator and a Representative of the Institution who has the authority to sign legally binding agreements on behalf of the Institution where the data will be accessed. [View sample RDUA]
      • If Investigators from multiple Institutions will be working together on a project, each Institution requires their own RDUA. 
      • The Representative of the Institution is usually someone from the Office of Sponsored Research, a Contracts Officer, or a Provost. Deans, Chairs of Departments, and other faculty rarely have this authority.
    • Proof of IRB approval or exemption: Evidence of IRB approval or exemption is required. The project title on the IRB approval document must match the project title from the online VDE project form.
    • Confidentiality Pledge: The pledge must be completed by the Principal Investigator and each member of the project team. [View Confidentiality Pledge]
    • VDE Data Security Plan: The Security Plan must be completed by the Principal Investigator and each member of the project team. The form must include the full physical address of the location where that individual will access the VDE (i.e., room/apartment number, building, address, city, state, province and/or country if applicable). This location then becomes the ONE approved location for use unless a change of location is approved by DSDR Staff. Additional locations are reviewed and approved on a per case basis. [View VDE Security Plan]
    • Other documentation: Certain studies require additional documentation as part of the approval process. If this is the case, those requirements are detailed in the Data Use Agreement. 
  • Review of request: When the request is complete and submitted, DSDR staff begin their review of the materials.
  • Request returned to applicant: If there are incomplete sections or unmet requirements, the request may be returned with an explanation of what changes need to be made. It is rare for a request to be filled out flawlessly on the first submission, so initial rejection is common.
  • Resubmit request: If the request was rejected, you must make the requested changes and resubmit the request.
  • VDE Training: You and each team member must complete a short VDE training and take the associated quiz. Each person must email DSDR with notification of the completion.
  • DSDR project approval: After any errors in the application materials are corrected, DSDR staff will approve the request.
  • Provide Access to the VDE: Application approval notifications are sent by email and provide instructions on how to request a user account for yourself and any project staff. Once ICPSR creates the requested user account(s), a follow-up email is sent with instructions for downloading the required software client and accessing the VDE.
Print the checklist

Disclosure-Protection Rules

Please be aware that no output may be removed or transcribed from the VDE in any form without approval by DSDR or ICPSR staff. This includes sending any information via email, even simple statistics or screenshots, and even only to ICPSR staff or your project team. Doing so would constitute a violation of your legal agreement with ICPSR and the University of Michigan. Please refer to your Restricted Data Use Agreement for additional information.

Disclosure protection rules define what results from analyses involving restricted-use data may be presented or published. These rules prevent the indirect re-identification of respondents and organizations. 

The following table provides general disclosure protection guidelines that can be applied to all studies. Specific guidelines for disclosure are outlined in the Data Use Agreement for each study.

Rule Description Values
PII or PHI Personally Identifiable Information such as names, addresses, and respondent ID cannot be reported Direct identifiers
Suppressed Variables While these variables can be included in analysis, coefficients and tables for them cannot be reported Geographic Identifiers
Suppressed combinations of variables While these variables can be reported separately, they may not be used together in tables or interactions Detailed household structure
. . .
Rule Description Values
PII or PHI Personally Identifiable Information such as names, addresses, and respondent ID cannot be reported Direct identifiers
Suppressed Variables While these variables can be included in analysis, coefficients and tables for them cannot be reported Geographic Identifiers
Suppressed combinations of variables While these variables can be reported separately, they may not be used together in tables or interactions Detailed household structure
Minimum cell sizes For tables, minimum allowed cell sizes. Cells below this value require rows or columns to be combined. Redaction of the individual cell is insufficient 10
Minimum sample and sub-sample size Minimum number of valid observations (excluding missing data) for regression analysis 50
Disallowed sub-samples Sub-samples that are not allowed even if the sub-sample meets sample size requirements Ranking of specific places or organizations
Dummy variables Dummy variables for which coefficients cannot be reported Ranking of specific places or organizations
Organizations and Groups Organizations and Groups for which results cannot be presented separately Ranking of specific organizations
Nested tables Tables that can be combined into one table Tables may not be combined to produce another table, typically by subtracting cell counts across tables.
Saturated or near saturated models Models that reproduce the data exactly Maximum R-squared 0.5

Minimum df remaining 40
List cases including predicted values An individual case or roster of cases cannot be reported List cases and scatterplots are not allowed
Weights Do results have to be weighted? Unweighted totals may be presented for tables but not individual cells
Visualizations   Maps must obscure exact locations
Linkages What data may not be linked? Contextual linkages for geographic areas are typically allowed. Linkages at the individual level must be explicitly approved.

Output Vetting for Compliance with Disclosure Protection Rules

Researchers are responsible for adhering to disclosure protection rules and must review their output before submitting to DSDR for disclosure review and final approval. Submitted output should not exceed 100 pages and can include Word tables, Excel spreadsheets, and graphics (preferred) or raw output from a statistical package (files and logs). SPSS output must be saved and submitted as a PDF. Files submitted for disclosure review should be final versions that are ready for publication, presentation, etc.

To request output, please email DSDR with a subject line that contains your VDE project number. Include the following information in your message:

  • Name of study or data that are the basis of the results
  • PI of the VDE Project
  • Location of output file(s) to be reviewed
  • Name(s) of output file(s) to be reviewed

In the VDE, include the following information within the output file(s) to be reviewed:

  • Sample size for each regression or table; if table contains several regressions, sample size for each regression
  • Sample size for each statistic
  • Description of sample or sub-sample and population or sub-population for each regression or table
  • Description of content of table cells
  • If regression, indicate the y-variate or outcome
  • If regression, indicate dummy variables
  • Indicate whether the results are weighted
  • Counts of observations for dummy variables
  • Counts of observations for table cells
  • Labels for all variables or glossary of variables
  • Labels for all categories of variables
  • Minimum and maximum values must have counts of observations
  • Histograms and other charts must have associated tables.

Modifying Active Agreements and Submitting Annual Reports

  • For adding or removing research staff, changing locations, or requesting additional datasets
    • Adding Research Staff
      • Each new staff member must complete a VDE Security Affirmation and a Confidentiality Pledge
      • Each new staff member must complete the online VDE training and quiz; they must email DSDR with notification of the completion 
      • New staff are NOT allowed to access or use the data UNTIL they have been approved by DSDR staff
    • Removing Research Staff
      • The Principal Investigator must email DSDR of with notification of the research staff member’s removal 
      • The Project Administrator (Usually the individual who completed the initial online application) must remove the VDE license from the online agreement as quickly as possible
    • Changing Locations
      • For each individual changing locations, a new VDE Security Affirmation must be completed and submitted
      • The new location MUST meet all of the security affirmation requirements
      • New locations must be approved by DSDR staff before they can be used to access or use the data.
  • For submission of annual reports, or requests for extension or termination of the Data Use Agreement
    • Annual Reports: Email the annual report of data usage to DSDR staff (template available upon request)
    • Extension Requests: 
      • Email DSDR staff with the request
      • DSDR staff will provide an extension form
      • Provide the completed extension form and an annual report of data usage (template available upon request)
    • Termination Requests: Email the request and a final report of data usage to DSDR Staff (report template available upon request)
  • Other changes: Please email DSDR to discuss
Print the checklist

Additional Resources

Restricted-use Data FAQs