Data Transfer and Use Agreements (DTUA/DUAs)
A Data Transfer and Use Agreement (DTUA/DUA) is a legally binding contract used for the transfer of data that is not public or is otherwise subject to restrictions on use. The data can be created by a nonprofit, government, private industry entity, or CU Â鶹ӰԺ. The data may or may not be human subject data from a clinical trial or a Limited Data Set as defined in the Health Insurance Portability and Accountability Act (HIPAA).  Data is often a necessary component of a sponsored project. ÌýÌý
DTUA terms specify how the recipient must access, handle, store, and dispose of the data upon completion of the project. The terms must also allow for publication and sharing of sponsored project results in accordance with CU Â鶹ӰԺ policies, applicable laws and regulations, and federal requirements. ÌýÌý
CU Â鶹ӰԺ is a state institution that receives a large proportion of its sponsored project funding from the federal government.  To ensure that DTUAs meet CU Â鶹ӰԺ policies, the requirements of funding agencies, and comply with appropriate policies and regulations, the Office of Contracts and Grants (OCG) will review and sign DTUAs.
CU Â鶹ӰԺ uses the Data Transfer and Use Agreement templates developed by the Federal Demonstration Partnership (FDP). The templates and other helpful resources are available at the .ÌýÌý
How to Initiate a Data Transfer and Use AgreementÌý
Contract Officers in OCG are the authorized representatives on behalf of CU Â鶹ӰԺ for negotiation and execution of DTUAs that do not require a fee.  Requests for both inbound and outbound no-fee DTUAs are initiated through the .Ìý
DTUAs that require a payment by CU Â鶹ӰԺ are handled through the Ìý
Once the MTA requestÌýis received, a Contract Officer will:
- Review the request.
- Ask the CU Â鶹ӰԺ Principal Investigator (PI) any additional questions to ensure understanding of the necessity and needs of the contract.
- Guide the PI through obtaining any necessary internal approvals required by the terms of the DTUA. Common examples include approvals from the Office of Information Technology (OIT) and the Institutional Review Board (IRB).ÌýNote: PIs are responsible for coordinating with OIT for a data security plan and with the IRB as appropriate for the project.Ìý
- Collaborate with other CU Â鶹ӰԺ offices as necessary to ensure compliance with CU Â鶹ӰԺÌýpolicies. These may include:
- Venture Partners
- University Counsel
- The Office of Research Integrity
- Environmental Health & Safety
- The Office of Export Controls
- Negotiate with the other party. The PI will be copied on all correspondence.
- Coordinate execution once negotiations are final.Ìý
Please note:  PIs cannot sign DTUAs on behalf of CU Â鶹ӰԺ. Contract Officers in OCG have the authority to sign DTUAs on behalf of CU Â鶹ӰԺ.Ìý
Ìý