Data Transfer and Use Agreements (DTUA/DUAs)

A Data Transfer and Use Agreement (DTUA) is a legally binding contract used for the transfer of data that has been developed by nonprofit, government or private industry entity or CU Â鶹ӰԺ for data that is not public or is otherwise subject to restrictions on use.  Often, this data is a necessary component of a research project and may or may not be human subject data from a clinical trial, or a Limited Data Set as defined in HIPAA. ÌýÌý

DTUA terms specify how the recipient must access, handle, store, and dispose of the data upon completion of the project but permit appropriate publication and sharing of research results in accordance with CU Â鶹ӰԺ policies, applicable laws and regulations, and federal requirements. ÌýÌý

CU Â鶹ӰԺ is a state-related entity that receives a large proportion of its research funding from the U.S. federal government.  To ensure that DTUAs meet CU Â鶹ӰԺ policies as well as the requirements of funding agencies, OCG will review and sign DTUAs to ensure compliance with appropriate policies and regulations. ÌýÌý

CU Â鶹ӰԺ uses the Data Transfer and Use Agreement templates developed by the Federal Demonstration Partnership (FDP). The templates and other helpful resources are available at the .ÌýÌý

How to Initiate a Data Transfer and Use AgreementÌý

Contract Administrators in the Office of Contracts and Grants (OCG) are the authorized representatives on behalf of CU Â鶹ӰԺ for negotiation and execution of DTUAs that do not require a fee. Requests for both inbound and outbound no fee DTUAs are initiated through the DTUA Online Request Form.Ìý

DTUAs that require a payment by CU Â鶹ӰԺ are handled through the Ìý

Once the DTUA request is received, a Contract Administrator will perform due diligence of the request, as follows:Ìý

  1. Conduct an initial review and thorough analysis of the request.Ìý
  2. Correspond with the CU Â鶹ӰԺ Principal Investigator (PI), asking additional questions as needed to ensure comprehensive understanding of the necessity and needs of the contract.ÌýÌý
  3. If necessary, the Contract Administrator will guide the PI to reach out for internal approvals required by the terms in the DTUA (often OIT and/or IRB).ÌýNote: PIs are responsible for coordinating with OIT for a data security plan and with the IRB, as applicable to the project.Ìý
  4. Collaborate with Venture Partners at CU Â鶹ӰԺ, the Office of University Counsel, the Office of Research Integrity, the Office of Environmental Health & Safety, the Facilities Security Officer and other campus offices as necessary to ensure compliance with CU Â鶹ӰԺ policies.Ìý
  5. Negotiate and correspond directly with the other party's contractual point of contact while copying the PI for transparency.Ìý
  6. Coordinate execution once negotiations are final.Ìý

Note: The delegation of signature authority for DTUAs at CU Â鶹ӰԺ is held by OCG. PIs cannot sign DTUAs on behalf of CU Â鶹ӰԺ.Ìý