A Data Transfer and Use Agreement (DTUA) is a legally binding contract used for the transfer of data that has been developed by nonprofit, government or private industry entity or CU Boulder for data that is not public or is otherwise subject to restrictions on use.  Often, this data is a necessary component of a research project and may or may not be human subject data from a clinical trial, or a Limited Data Set as defined in HIPAA.   

DTUA terms specify how the recipient must access, handle, store, and dispose of the data upon completion of the project but permit appropriate publication and sharing of research results in accordance with CU Boulder policies, applicable laws and regulations, and federal requirements.   

CU Boulder is a state-related entity that receives a large proportion of its research funding from the U.S. federal government.  To ensure that DTUAs meet CU Boulder policies as well as the requirements of funding agencies, OCG will review and sign DTUAs to ensure compliance with appropriate policies and regulations.   

CU Boulder uses the Data Transfer and Use Agreement templates developed by the Federal Demonstration Partnership (FDP). The templates and other helpful resources are available at the FDP website.  

How to Initiate a Data Transfer and Use Agreement 

Contract Administrators in the Office of Contracts and Grants (OCG) are the authorized representatives on behalf of CU Boulder for negotiation and execution of DTUAs that do not require a fee. Requests for both inbound and outbound no fee DTUAs are initiated through the DTUA Online Request Form

DTUAs that require a payment by CU Boulder are handled through the Procurement Services Center (PSC). 

Once the DTUA request is received, a Contract Administrator will perform due diligence of the request, as follows: 

  1. Conduct an initial review and thorough analysis of the request. 

  1. Correspond with the CU Boulder Principal Investigator (PI), asking additional questions as needed to ensure comprehensive understanding of the necessity and needs of the contract.  

  1. If necessary, the Contract Administrator will guide the PI to reach out for internal approvals required by the terms in the DTUA (often OIT and/or IRB). Note: PIs are responsible for coordinating with OIT for a data security plan and with the IRB, as applicable to the project. 

  2. Collaborate with Venture Partners at CU Boulder, the Office of University Counsel, the Office of Research Integrity, the Office of Environmental Health & Safety, the Facilities Security Officer and other campus offices as necessary to ensure compliance with CU Boulder policies. 

  3. Negotiate and correspond directly with the other party's contractual point of contact while copying the PI for transparency. 

  1. Coordinate execution once negotiations are final. 

Note: The delegation of signature authority for DTUAs at CU Boulder is held by OCG. PIs cannot sign DTUAs on behalf of CU Boulder.