Data Use Agreements

A Data Use Agreement (DUA) or Data Sharing Agreement (DSA) is a non-funded agreement between two parties where either one or both parties exchange data securely. A DUA is always needed to exchange data to or from the University whether or not the data is considered confidential.

A DUA may or may not be related to a funded agreement. Whether the DUA is related to a project handled by the Office of Sponsored Projects (OSP) or not related to a funded agreement, OSP will assist with drafting and executing the DUA. To find your assigned OSP Contracts Coordinator contact, please check the Pre-Award Constituency List broken down by the PI’s Unit Name. For general questions or for those outside the University wishing to enter into a DUA with UT Austin, please send an email to osp@austin.utexas.edu.

DUA Process

Every DUA needs to be submitted to the UT Research Management Suite (UTRMS – link here) via a SmartForm by either the PI or departmental contact. For more information on submitting a DUA SmartForm in UTRMS, please review this PDF. If you have questions about submitting a SmartForm or the UT Research Management Suite, please contact the UT Research Management Suite team here.

When submitting the DUA SmartForm, if you received a draft DUA from the other party, the draft DUA can be uploaded into the UT Research Management Suite for review. Likewise, UT Austin can draft the first version and negotiate the terms with the other party.

Confidential Data

What is considered Confidential Data? Confidential Data is any information that is deemed confidential by law or which must be protected due to contractual agreements requiring confidentiality, integrity, or availability consideration (see UT’s Data Classification Standard for more information). Information that requires safeguarding may include, but is not limited to, HIPAA data, Personally Identifiable Information (PII), Limited Data Set (LDS) and FERPA data.

Confidential Data Control Plans (CDCP)

Depending on the type of data and the terms of the agreement, an additional (internal) agreement called a Confidential Data Security Plan (CDCP) SmartForm will also need to be submitted in the UT Research Management Suite.

A CDCP is an internal agreement that helps ensure that unauthorized persons will not access Confidential Data shared by a third party with UT. A CDCP is required when sensitive research data, is being shared with UT.

A CDCP’s main purpose is to identify the Confidential Data being shared and to describe how the data will be secured while at the university. It includes plans for storing or accessing the data, and procedures for guarding against unauthorized access. The plans are customized dependent on the security measures needed for the circumstances and situations.

CDCP Process

Every CDCP should be submitted to the UT Research Management Suite here via a SmartForm by either the PI or departmental contact. Please also work with your department’s local IT Administrator before submitting the CDCP, and add them as an Agreement Collaborator on the General Information page of the CDCP SmartForm. OSP will handle obtaining the signatures for the CDCP by utilizing DocuSign. If you have questions about submitting a SmartForm or the UT Research Management Suite, please contact the UT Research Management Suite team here.

dbGaP Project Requests

If you are obtaining information from the NIH database of Genotypes and Phenotypes (dbGaP), a DUA SmartForm and a CDCP SmartForm are still required due to the requirements in the standard dbGaP agreement.

For all requests the SO Contact Information is as follows:

Name: Michelle Strickland
Position: Signing Official
Organization: The University of Texas at Austin
Street: 3925 W. Braker Ln., Ste. 3.340, MC: A9000
City: Austin
State: Texas
ZIP: 78759
Phone: 512-471-6424
Email: michelle.strickland@austin.utexas.edu

For the IT Information please include your local IT Administrator or TACC if the data will be stored at TACC.

Institute of Education Sciences Security (IES) Process

A DUA and CDCP SmartForm is required to obtain data from IES. These forms require an ink signature. Please reach out to your Contracts Coordinator for additional instructions.

FAQs

Expand All

How do I know if I am receiving human subjects’ data? Show More: If you are unsure of the information you are receiving is human subjects’ data, please refer to the FDP Tool for Classifying Human Subjects Data.
Do I need an IRB protocol? Show More: Please contact Office of Research Support and Compliance for guidance.
What if I am receiving de-identified data? Show More: A DUA is still required for the data to be transferred.
Where do I obtain a DUA? Show More: Please contact OSP. We will assist you in drafting and executing a suitable agreement.
When do I need to obtain a DUA? Show More: A DUA must be executed prior to the transfer or use of the data.
What if I need access to data from a repository? Show More: Please contact OSP. We are familiar with several of the federal and non-federal data repositories, and we will assist you in the process.
Who signs the CDCP? Show More: The PI and the IT administrator are required to sign, as well as any individuals that need access to the data. OSP will obtain the signatures from all required parties.
What is a Limited Data Set? Show More: A Limited Data Set (LDS) is a data set that does not include certain direct identifiers specified in the Privacy Rule. Limited Data Sets are only for research, public health or health care operations. Limited Data Sets can be transferred without obtaining patient’s authorization.
Who is my local IT administrator? Show More: Please follow this link to find your local IT administrator. If your department does not have the security infrastructure required to keep the data safe and secure, UT’s Texas Advanced Computing Center (TACC) is available.
What if my department does not have the required security measures to store the data? Show More: If your department does not have the required security measures, Texas Advanced Computing Center (TACC) is available to provide these services for data security.