Data Transfer and Use Agreements (DTUA/DUAs)
A Data Transfer and Use Agreement (DTUA/DUA) is a legally binding contract used for the transfer of data that is not public or is otherwise subject to restrictions on use. The data can be created by a nonprofit, government, private industry entity, or ÃÛÌÇÖ±²¥ Boulder. The data may or may not be human subject data from a clinical trial or a Limited Data Set as defined in the Health Insurance Portability and Accountability Act (HIPAA).  Data is often a necessary component of a sponsored project. ÌýÌý
DTUA terms specify how the recipient must access, handle, store, and dispose of the data upon completion of the project. The terms must also allow for publication and sharing of sponsored project results in accordance with ÃÛÌÇÖ±²¥ Boulder policies, applicable laws and regulations, and federal requirements. ÌýÌý
ÃÛÌÇÖ±²¥ Boulder is a state institution that receives a large proportion of its sponsored project funding from the federal government.  To ensure that DTUAs meet ÃÛÌÇÖ±²¥ Boulder policies, the requirements of funding agencies, and comply with appropriate policies and regulations, the Office of Contracts and Grants (OCG) will review and sign DTUAs.
ÃÛÌÇÖ±²¥ Boulder uses the Data Transfer and Use Agreement templates developed by the Federal Demonstration Partnership (FDP). The templates and other helpful resources are available at the .ÌýÌý
How to Initiate a Data Transfer and Use AgreementÌý
Contract Officers in OCG are the authorized representatives on behalf of ÃÛÌÇÖ±²¥ Boulder for negotiation and execution of DTUAs that do not require a fee.  Requests for both inbound and outbound no-fee DTUAs are initiated through the .Ìý
DTUAs that require a payment by ÃÛÌÇÖ±²¥ Boulder are handled through the Ìý
Once the MTA requestÌýis received, a Contract Officer will:
- Review the request.
- Ask the ÃÛÌÇÖ±²¥ Boulder Principal Investigator (PI) any additional questions to ensure understanding of the necessity and needs of the contract.
- Guide the PI through obtaining any necessary internal approvals required by the terms of the DTUA. Common examples include approvals from the Office of Information Technology (OIT) and the Institutional Review Board (IRB).ÌýNote: PIs are responsible for coordinating with OIT for a data security plan and with the IRB as appropriate for the project.Ìý
- Collaborate with other ÃÛÌÇÖ±²¥ Boulder offices as necessary to ensure compliance with ÃÛÌÇÖ±²¥ BoulderÌýpolicies. These may include:
- Venture Partners
- University Counsel
- The Office of Research Integrity
- Environmental Health & Safety
- The Office of Export Controls
- Negotiate with the other party. The PI will be copied on all correspondence.
- Coordinate execution once negotiations are final.Ìý
Please note:  PIs cannot sign DTUAs on behalf of ÃÛÌÇÖ±²¥ Boulder. Contract Officers in OCG have the authority to sign DTUAs on behalf of ÃÛÌÇÖ±²¥ Boulder.Ìý
Ìý