Data Use Agreements FAQs

Why sign a DUA?

DUAs address important issues such as limitations on use of the data, liability for harm arising from the use of the data, publication, and privacy rights that are associated with transfers of confidential or protected data. The understanding established by the DUA can help avoid later issues and will ensure the appropriate use of data for a specific research project, protecting both the provider and the recipient.

Establishing a Data Use Agreement Achieves the Following:

  • Protects the investment and reputation of both the investigator and the University
    • Access to important data makes an investigator more competitive in publications and grants; sharing of this data helps to foster collaboration with other leading scientists
  • Ensures that the investigator and University receive academic credit for their work
    • Appropriate acknowledgement of the data’s source in academic publications and presentations can be addressed in the DUA, although any determination of appropriate authorship designation must be based on actual contribution to the research, and cannot be agreed upon in a DUA.
  • Prevents the inappropriate use of intellectual property or protected or confidential information that could cause harm to research subjects, the investigator or the University
  • Helps to shelter the investigator and University from any liability or loss arising from a recipient’s use of University data
  • Assures that the recipients are using the data in accordance with applicable law
    • Contractually obligates the recipient to use the data only for the purpose described in the DUA
    • Where data may be subject to HIPAA, ensures that appropriate restrictions on use are maintained

Who signs DUAs?

UMBC’s Office of Sponsored Programs (OSP) is authorized to enter into research agreements, including DUAs, on behalf of the University.  Researchers are not authorized to negotiate or sign agreements on behalf of the University.  When a researcher signs such an agreement on behalf of the University, the researcher could be subjected to legal and financial risks. It is important for the researcher to read the terms of a DUA before forwarding it to the OSP for University signature. The OSP assumes a researcher who transmits a DUA has read and agrees to conform to those terms, whether or not the researcher’s signature is required on the DUA itself. The OSP will confer with General Counsel and IRB or other pertinent compliance offices as required in the evaluation of DUAs.

What are Examples of Data that might be exchanged under a DUA?

  • Records from governmental agencies or corporations
  • Human Research Subject Data
  • A limited data set
  • Genetic sequences
  • Models
  • Proprietary or valuable information or material that does not fit the profile of a tangible physical material

When do I need a DUA?

For Human Subject Data

  1. Disclosure of data for research purposes and
  2. Individual authorization for disclosure to this recipient is not/has not been obtained (from human subject, as through use of a subject-signed informed consent authorization) and
  3. Disclosure is permitted under an IRB-approved protocol (for human subject research) or
  4. The researcher is disclosing or receiving a “limited data set” of personal health information, as defined under HIPAA.  For more information on limited data sets under HIPAA, see: Contact the IRB if the use of archived protected health data falls under the definition of “research”.

For Non-Clinical Data

  1. When no other form of contract concerning the data transfer exists between the provider and the recipient and
    • When data is not in the public domain, and the disclosing party wishes to limit the further use or distribution of the data in some way, and
    • The recipient intends to use the data for research purposes

When don’t I need a DUA?

  1. When data is publicly available in the public domain.
  2. When data is exchanged that is not subject to a legal or other restriction on its use.
  3. When de-identified data is exchanged for research purposes under a subcontract or other form of agreement with the recipient.  “De-identified data” as used here has the meaning attributed in HIPAA.