Data Transfer and Use Agreements (DTUA/DUAs)
A Data Transfer and Use Agreement (DTUA) is a legally binding contract used for the transfer of data that has been developed by nonprofit, government or private industry entity or Â鶹Ãâ·Ñ°æÏÂÔØBoulder for data that is not public or is otherwise subject to restrictions on use.  Often, this data is a necessary component of a research project and may or may not be human subject data from a clinical trial, or a Limited Data Set as defined in HIPAA. ÌýÌý
DTUA terms specify how the recipient must access, handle, store, and dispose of the data upon completion of the project but permit appropriate publication and sharing of research results in accordance with Â鶹Ãâ·Ñ°æÏÂÔØBoulder policies, applicable laws and regulations, and federal requirements. ÌýÌý
Â鶹Ãâ·Ñ°æÏÂÔØBoulder is a state-related entity that receives a large proportion of its research funding from the U.S. federal government.  To ensure that DTUAs meet Â鶹Ãâ·Ñ°æÏÂÔØBoulder policies as well as the requirements of funding agencies, OCG will review and sign DTUAs to ensure compliance with appropriate policies and regulations. ÌýÌý
Â鶹Ãâ·Ñ°æÏÂÔØBoulder uses the Data Transfer and Use Agreement templates developed by the Federal Demonstration Partnership (FDP). The templates and other helpful resources are available at the .ÌýÌý
How to Initiate a Data Transfer and Use AgreementÌý
Contract Administrators in the Office of Contracts and Grants (OCG) are the authorized representatives on behalf of Â鶹Ãâ·Ñ°æÏÂÔØBoulder for negotiation and execution of DTUAs that do not require a fee. Requests for both inbound and outbound no fee DTUAs are initiated through the DTUA Online Request Form.Ìý
DTUAs that require a payment by Â鶹Ãâ·Ñ°æÏÂÔØBoulder are handled through the Ìý
Once the DTUA request is received, a Contract Administrator will perform due diligence of the request, as follows:Ìý
- Conduct an initial review and thorough analysis of the request.Ìý
- Correspond with the Â鶹Ãâ·Ñ°æÏÂÔØBoulder Principal Investigator (PI), asking additional questions as needed to ensure comprehensive understanding of the necessity and needs of the contract.ÌýÌý
- If necessary, the Contract Administrator will guide the PI to reach out for internal approvals required by the terms in the DTUA (often OIT and/or IRB).ÌýNote: PIs are responsible for coordinating with OIT for a data security plan and with the IRB, as applicable to the project.Ìý
- Collaborate with Venture Partners at Â鶹Ãâ·Ñ°æÏÂÔØBoulder, the Office of University Counsel, the Office of Research Integrity, the Office of Environmental Health & Safety, the Facilities Security Officer and other campus offices as necessary to ensure compliance with Â鶹Ãâ·Ñ°æÏÂÔØBoulder policies.Ìý
- Negotiate and correspond directly with the other party's contractual point of contact while copying the PI for transparency.Ìý
- Coordinate execution once negotiations are final.Ìý
Note: The delegation of signature authority for DTUAs at Â鶹Ãâ·Ñ°æÏÂÔØBoulder is held by OCG. PIs cannot sign DTUAs on behalf of Â鶹Ãâ·Ñ°æÏÂÔØBoulder.Ìý