Navigating Data Use Agreements (DUA)
Navigating Data Use Agreements
A Data Sharing Agreement, Data Transfer Agreement, or Data Use Agreement (DUA) is a legally binding contract between two or more institutions that documents what data is being shared and how the data can be used. Negotiating these agreements can be complex, especially when research involves sensitive or regulated data. The Information Assurance team plays a critical role in supporting researchers through this process by ensuring compliance with information security policies, lending organization requirements, and federal regulations.
A key part of this support includes reviewing the security requirements outlined in DUAs and determining whether the University can meet those obligations without disrupting the research. To do this effectively, the Principal Investigator must provide detailed information about their project to Information Assurance, University Research Administration, and Institutional Review Boards, including the following:
-
data classification
-
source organization
-
whether the project is a renewal
-
storage plans
-
potential use of generative AI
The expertise of the Information Assurance team in assessing regulatory risk, secure data handling, and technical infrastructure is essential to protecting research and ensuring that agreements are properly vetted.