Data use agreements (DUAs)

Data Use Agreements (DUA) often accompany data submitted for use in projects conducted by students and faculty.  For those projects not funded by external sponsors it is the responsibility of the College to execute the DUA and review the procedures utilized to protect the submitted information.  A Reference Guide has been developed to assist departments in establishing DUAs with outside entities.  The University has also developed a DUA template which departments may use if needed.

Where the submitted data includes information that could be used to distinguish or track an individual’s identity, or biometric information that could be used in conjunction with other data elements to reasonably infer a respondent’s identity, the information may be protected pursuant to various Federal and State statutes.  Special procedures are required to use such covered information on laptop computers, PDAs, zip drives, floppy disks, CD-ROMs or any other IT device.

A DUA may require a written plan documenting the special procedures that will be used to protect covered information. The Office of SponsoredProjects (OSP) has developed a template Sensitive Data Protection Plan (SDCP) form to assist recipients of covered information to articulate the procedures that will be followed. It remains the responsibility of the College  to review the procedures for adequacy and execute DUAs where the data are used by students or faculty for projects not funded by external sponsors.

The Information Security Office can provide assistance in reviewing and auditing SDCPs when data are to be housed on university computers, and will provide guidance upon request for data housed on non-university owned computers. Inquiries may be sent to

OIE will assist in responding to a DUA submitted with data as part of a research project funded solely by a for-profit entity.  Simply forward the DUA and pertinent information about the sponsored project to

Pertinent Office(s):

  • College Dean or Department Chair