Data use agreements (DUAs) define how data may be used when one party gives data to another. DUAs can include:
- How the data may be used.
- Any prohibitions on how the data may be used by the recipient.
- How long a recipient can use the data.
- How the recipient should dispose of or return the data after that period.
- Steps the recipient must take to secure the data.
- Any confidentiality terms to protect sensitive data.
A typical provision for academic or non-profit organizations is that the data can be used for general teaching and academic research purposes only. Using data for commercial purposes is often prohibited when data is shared between academic institutions or researchers.
When to Use a DUA
Having a DUA is best when you give or receive data and you want to place limitations on what can be done with that data. This is common when the data includes personally identifiable information or health information, as that type of data is governed by additional law, regulations, or Institutional Review Board protocols.
But you might not need a DUA. If you are giving or receiving data that is de-identified, not related to any human subjects data, or does not require any limitations on its use, you likely do not need one.
If you are exchanging or collecting personal data, such as app user data or identifiable information on research subjects, please consider a data privacy agreement.
Requesting a DUA
We work with you to ensure that you understand the conditions in a DUA and maintain a right to publish an analysis of the data. Individual faculty members should not sign data use agreements. If a person is not an authorized signatory for the university and signs a DUA, then they become personally liable. Requests for DUAs and signatures should be routed through Industry, Innovation, and Translation.