The University of Toronto is a research-intensive institution and supports the use of student information to conduct scholarly research on the education process and its impact on careers of graduates.

Research questions often look at multiple factors across students’ experience with the University to determine what experiences correlate with some measure of success.  To do this, the researcher may need to look across the entire length of the student’s experience with the University and beyond. As a result, this research often needs to [no-glossary]linklink
The process of joining electronic records about a person from one source with records about the same person from another source, to create a new record with data from both records.[/no-glossary] several records across databases to create a single record that contains all the information that the researcher needs.

Identifying information is normally removed before the researcher is given access to the dataset.  

Any proposal to conduct scholarly research is reviewed by one of the University’s Research Ethics Boards (REBs) and by the University’s Data Request Review process. These two review processes make sure that any such research is scientifically valid and that the researcher is only given access to the information needed to answer the research question. These reviews exist to protect you and your information.

For approved requests, the researcher is required to enter into a legal agreement with the University that describes the conditions they must satisfy to access identifiable or [no-glossary]de-identifiedde-identified
Information about an individual that has had personal details removed or altered to reduce the ability to re-identify the individual. There are levels of de-identification to balance the need to hide the identity vs. permit statistical analyses. [/no-glossary] information. These conditions include: where the information will be stored, how long they will keep the information, and the required physical, technical, and procedural data [no-glossary]protectionsprotections
Ways of securing data from unauthorized access and use of from data loss or corruption. Physical protections are things like locked doors and closed-circuit TV cameras. Technical protections are things like data encryption. Procedural protections are things like reviewing of formal data access requests.[/no-glossary]. These conditions are determined on a case-by-case basis, through the University’s Data Request Review process described above.