Data Transfer and Use Agreements (DTUA/DUAs)

A Data Transfer and Use Agreement (DTUA/DUA) is a legally binding contract used for the transfer of data that is not public or is otherwise subject to restrictions on use. The data can be created by a nonprofit, government, private industry entity, or the ºù«ÍÞÊÓƵ. The data may or may not be human subject data from a clinical trial or a Limited Data Set as defined in the Health Insurance Portability and Accountability Act (HIPAA).  Data is often a necessary component of a sponsored project. ÌýÌý

DTUA terms specify how the recipient must access, handle, store, and dispose of the data upon completion of the project. The terms must also allow for publication and sharing of sponsored project results in accordance with CU ºù«ÍÞÊÓƵ policies, applicable laws and regulations, and federal requirements. ÌýÌý

CU ºù«ÍÞÊÓƵ is a state institution that receives a large proportion of its sponsored project funding from the federal government.  To ensure that DTUAs meet CU ºù«ÍÞÊÓƵ policies as well as the requirements of funding agencies, the Office of Contracts and Grants (OCG) will review and sign DTUAs to ensure compliance with appropriate policies and regulations. ÌýÌý

CU ºù«ÍÞÊÓƵ uses the Data Transfer and Use Agreement templates developed by the Federal Demonstration Partnership (FDP). The templates and other helpful resources are available at the .ÌýÌý

How to Initiate a Data Transfer and Use AgreementÌý

Contract Officers in OCG are the authorized representatives on behalf of CU ºù«ÍÞÊÓƵ for negotiation and execution of DTUAs that do not require a fee. Requests for both inbound and outbound no fee DTUAs are initiated through the .Ìý

DTUAs that require a payment by CU ºù«ÍÞÊÓƵ are handled through the Ìý

Once the MTA requestÌýis received, a Contract Officer will:

  1. Review the request.
  2. Ask the CU ºù«ÍÞÊÓƵ Principal Investigator (PI) any additional questions to ensure understanding of the necessity and needs of the contract.
  3. Guide the PI through obtaining any necessary internal approvals required by the terms of the DTUA. Common examples include approvals from the Office of Information Technology (OIT) and the Institutional Review Board (IRB).ÌýNote: PIs are responsible for coordinating with OIT for a data security plan and with the IRB as appropriate for the project.Ìý
  4. Collaborate with other CU ºù«ÍÞÊÓƵ offices as necessary to ensure compliance with CU ºù«ÍÞÊÓƵÌýpolicies. These may include:
    • Venture Partners
    • University Counsel
    • the Office of Research Integrity
    • Environmental Health & Safety
    • the Office of Export Control
  5. Negotiate with the other party. The PI will be copied on all correspondence.
  6. Coordinate execution once negotiations are final.Ìý

Note: PIs cannot sign DTUAs on behalf of CU ºù«ÍÞÊÓƵ. Contract Officers in OCG have the authority to sign DTUAs on behalf of CU ºù«ÍÞÊÓƵ.Ìý

Ìý