Using and Protecting Research Data

Data Use Agreement (DUA)

Data Use Agreements (DUAs) are legally binding contracts between the George Washington University (GW) and another executing party that provide the terms for transferring data from the provider organization to the recipient organization. GW can either be the provider or the recipient of data.

In general, any sharing of “restricted use” or “regulated” data, will require an agreement between the providing party (owner of the data) and the receiving party (data user). Failure to follow DUA terms could result in significant liabilities including possible criminal sanctions as well as impacting other rights of the parties involved.

The Office of Research Integrity (ORI) within the Office of the Vice President for Research (OVPR) must review and approve all DUAs.



COVID-19 Related Guidance

The COVID-19 pandemic and its impacts may introduce challenges in data sharing, management, and protection pursuant to data use agreements and data management plans. The Office of Research Integrity within the Office of the Vice President for Research, in partnership with the Privacy Office, GW Information Technology (IT), School and College IT, and Libraries and Academic Innovation, provides the following COVID-19 related guidance to the research community in Data Management COVID 19 Guidelines.

Drafting a Data Use Agreement

If GW is the providing party, ORI can assist in the drafting of DUAs or provide an approved template agreement (e.g., Federal Demonstration Partnership - Data Transfer and Use Agreement). To begin the process, please provide the requested information via the DUA Intake Form (GW NetID login required).

Reviewing and Executing Data Use Agreements

All DUAs involving GW as an executing party must be reviewed and approved by ORI. To begin the review process, please complete the DUA Intake Form (GW NetID login required) and submit the proposed DUA. ORI will review the DUA terms and conditions; propose or negotiate terms with the other party; and, when necessary, forward to partner units for consultation (e.g., Office of General Counsel, Office of Contracts and Insurance, and GW IT). ORI will work with the investigator to obtain additional information that may be required (e.g., documentation from the Office of Human Research or export-controlled information).

Upon request, ORI can provide an orientation to the terms and conditions of DUAs in which GW is a party. This recommended service allows the investigator to understand their and the university’s rights and responsibilities under the agreement.

Once the DUA review is complete, ORI will forward the agreement to the Institutional Official (IO) for signature. The Director, Research Integrity and Compliance of the Office of Research Integrity within OVPR is the IO delegated with signatory authority to execute DUAs.


Submit a DUA for Review

Investigator's Responsibility

ORI will review DUA terms and conditions only. It is the responsibility of the investigator to ensure GW can comply with terms related to the administrative, technical, and physical safeguarding of the data.  We encourage researchers to consult with the Office of Ethics, Compliance, and Privacy on the framework for classifying university data and to review the Data Classification Guide (PDF), Data Protection Guide (PDF), and related GW policies. ORI strongly recommends investigators work with their local information technology units, GW IT, and GW Libraries to develop data management plans that address access, protection, storage, and preservation of the data before submitting DUAs for review.

Contact Us

Email [email protected] if you have questions about Data Use Agreements or the DUA review process.