Data Transfer and Use Agreements (DTUA/DUAs)

A Data Transfer and Use Agreement (DTUA/DUA) is a legally binding contract used for the transfer of data that is not public or is otherwise subject to restrictions on use. The data can be created by a nonprofit, government, private industry entity, or CU ÌÇÐÄVlogÆƽâ°æ. The data may or may not be human subject data from a clinical trial or a Limited Data Set as defined in the Health Insurance Portability and Accountability Act (HIPAA).  Data is often a necessary component of a sponsored project. ÌýÌý

DTUA terms specify how the recipient must access, handle, store, and dispose of the data upon completion of the project. The terms must also allow for publication and sharing of sponsored project results in accordance with CU ÌÇÐÄVlogÆƽâ°æ policies, applicable laws and regulations, and federal requirements. ÌýÌý

CU ÌÇÐÄVlogÆƽâ°æ is a state institution that receives a large proportion of its sponsored project funding from the federal government.  To ensure that DTUAs meet CU ÌÇÐÄVlogÆƽâ°æ policies, the requirements of funding agencies, and comply with appropriate policies and regulations, the Office of Contracts and Grants (OCG) will review and sign DTUAs.

CU ÌÇÐÄVlogÆƽâ°æ uses the Data Transfer and Use Agreement templates developed by the Federal Demonstration Partnership (FDP). The templates and other helpful resources are available at the .ÌýÌý

How to Initiate a Data Transfer and Use AgreementÌý

Contract Officers in OCG are the authorized representatives on behalf of CU ÌÇÐÄVlogÆƽâ°æ for negotiation and execution of DTUAs that do not require a fee.  Requests for both inbound and outbound no-fee DTUAs are initiated through the .Ìý

DTUAs that require a payment by CU ÌÇÐÄVlogÆƽâ°æ are handled through the Ìý

Once the MTA requestÌýis received, a Contract Officer will:

  1. Review the request.
  2. Ask the CU ÌÇÐÄVlogÆƽâ°æ Principal Investigator (PI) any additional questions to ensure understanding of the necessity and needs of the contract.
  3. Guide the PI through obtaining any necessary internal approvals required by the terms of the DTUA. Common examples include approvals from the Office of Information Technology (OIT) and the Institutional Review Board (IRB).ÌýNote: PIs are responsible for coordinating with OIT for a data security plan and with the IRB as appropriate for the project.Ìý
  4. Collaborate with other CU ÌÇÐÄVlogÆƽâ°æ offices as necessary to ensure compliance with CU ÌÇÐÄVlogÆƽâ°æÌýpolicies. These may include:
    • Venture Partners
    • University Counsel
    • The Office of Research Integrity
    • Environmental Health & Safety
    • The Office of Export Controls
  5. Negotiate with the other party. The PI will be copied on all correspondence.
  6. Coordinate execution once negotiations are final.Ìý

Please note:  PIs cannot sign DTUAs on behalf of CU ÌÇÐÄVlogÆƽâ°æ. Contract Officers in OCG have the authority to sign DTUAs on behalf of CU ÌÇÐÄVlogÆƽâ°æ.Ìý

Ìý