Data Transfer and Use Agreements (DTUA/DUAs)
A Data Transfer and Use Agreement (DTUA/DUA) is a legally binding contract used for the transfer of data that is not public or is otherwise subject to restrictions on use. The data can be created by a nonprofit, government, private industry entity, or Â鶹Ãâ·Ñ°æÏÂÔØBoulder. The data may or may not be human subject data from a clinical trial or a Limited Data Set as defined in the Health Insurance Portability and Accountability Act (HIPAA).  Data is often a necessary component of a sponsored project. ÌýÌý
DTUA terms specify how the recipient must access, handle, store, and dispose of the data upon completion of the project. The terms must also allow for publication and sharing of sponsored project results in accordance with Â鶹Ãâ·Ñ°æÏÂÔØBoulder policies, applicable laws and regulations, and federal requirements. ÌýÌý
Â鶹Ãâ·Ñ°æÏÂÔØBoulder is a state institution that receives a large proportion of its sponsored project funding from the federal government.  To ensure that DTUAs meet Â鶹Ãâ·Ñ°æÏÂÔØBoulder policies, the requirements of funding agencies, and comply with appropriate policies and regulations, the Office of Contracts and Grants (OCG) will review and sign DTUAs.
Â鶹Ãâ·Ñ°æÏÂÔØBoulder uses the Data Transfer and Use Agreement templates developed by the Federal Demonstration Partnership (FDP). The templates and other helpful resources are available at the .ÌýÌý
How to Initiate a Data Transfer and Use AgreementÌý
Contract Officers in OCG are the authorized representatives on behalf of Â鶹Ãâ·Ñ°æÏÂÔØBoulder for negotiation and execution of DTUAs that do not require a fee.  Requests for both inbound and outbound no-fee DTUAs are initiated through the .Ìý
DTUAs that require a payment by Â鶹Ãâ·Ñ°æÏÂÔØBoulder are handled through the Ìý
Once the MTA requestÌýis received, a Contract Officer will:
- Review the request.
- Ask the Â鶹Ãâ·Ñ°æÏÂÔØBoulder Principal Investigator (PI) any additional questions to ensure understanding of the necessity and needs of the contract.
- Guide the PI through obtaining any necessary internal approvals required by the terms of the DTUA. Common examples include approvals from the Office of Information Technology (OIT) and the Institutional Review Board (IRB).ÌýNote: PIs are responsible for coordinating with OIT for a data security plan and with the IRB as appropriate for the project.Ìý
- Collaborate with other Â鶹Ãâ·Ñ°æÏÂÔØBoulder offices as necessary to ensure compliance with Â鶹Ãâ·Ñ°æÏÂÔØBoulderÌýpolicies. These may include:
- Venture Partners
- University Counsel
- The Office of Research Integrity
- Environmental Health & Safety
- The Office of Export Controls
- Negotiate with the other party. The PI will be copied on all correspondence.
- Coordinate execution once negotiations are final.Ìý
Please note:  PIs cannot sign DTUAs on behalf of Â鶹Ãâ·Ñ°æÏÂÔØBoulder. Contract Officers in OCG have the authority to sign DTUAs on behalf of Â鶹Ãâ·Ñ°æÏÂÔØBoulder.Ìý
Ìý