Data Use Agreements (DUAs)
Data Use Agreements (DUA) often accompany data submitted for use in projects conducted by students and faculty. It is the responsibility of OSP or OIE, as appropriate, to execute the DUA and review the procedures utilized by the PI to protect the submitted information. The University has developed a DUA template (Word) which may used.
Where the submitted data includes information that could be used to distinguish or track an individual’s identity, or biometric information that could be used in conjunction with other data elements to reasonably infer a respondent’s identity, the information may be protected pursuant to various Federal and State statutes. Special procedures are required to use such covered information on laptop computers, PDAs, zip drives, floppy disks, CD-ROMs or any other IT device.
A DUA will require an internal written plan (“Confidential Control Document Plan – CDCP”) documenting the special procedures that will be used to protect covered information. The Information Security Office will provide assistance in reviewing and auditing CDCPs.