Skip to main content

Data Use Agreements

What is a Data Use Agreement?

A Data Use Agreement (DUA) outlines the terms and conditions for the sharing of sensitive or proprietary data between parties. DUAs vary in complexity but often delineate minimum data security requirements, establish usage limitations, highlight applicable legal, regulatory, or ethical requirements, and summarize liability/consequences for misuse or mishandling.

Who Reviews DUAs?

Several offices at Boise State review DUAs, depending on the data involved:

  • Office of General Counsel (OGC): Ensures agreements comply with legal requirements.
  • Office of Information Technology (OIT): Evaluates and implements necessary IT security measures.
  • Office of Research Compliance (ORC): Reviews for ethical research practices, especially with human subjects.
  • Office of Sponsored Programs (OSP): Ensures agreements meet sponsor requirements.

The Process

Investigator Submits Data Details to the Office of Research Compliance (Initial Assessment)

The Office of Research Compliance is streamlining the process for handling research-related data use agreements to ensure stronger compliance and security. This process will replace the Google  “Data Use Agreement Form” that was previously used and will start immediately. All investigators who plan to use external or third-party data in their research must submit relevant data details to the Office of Research Compliance for initial assessment.

Investigators are required to send the following information to email address below:

  • A copy of the Data Use Agreement (if available)
  • A brief description of the data
  • The intended use of the data in research activities

dataagreements@boisestate.edu

The ORC will triage the request and coordinate reviews with other relevant offices (OGC, OIT, OSP) to ensure a comprehensive and compliant evaluation of the agreement.

This change is designed to provide researchers with guidance early in the project lifecycle and ensure that all applicable legal, technical, and ethical considerations are addressed before data is accessed or used.

Office Review and Follow Up

Relevant offices determine their involvement and if additional information is required or further action is required by the investigator. This may include:

  • OIT assessing minimum security requirements
  • Investigator submitting the DUA through OGC Contract Routing
  • Committee approval for human subjects research through ORC
  • OSP review for specific sponsor requirements/restrictions

Investigator Receives Applicable Office Approvals

All offices involved in the DUA review must approve prior to the DUA and associated documents being signed.

Investigator and Offices Address Terms and Conditions

Prior to signing and data transfer, offices may need to work with the investigator to ensure the terms and conditions of the DUA can be met. Some examples include:

  • User specific access agreements
  • User training
  • Physical security requirements – restrict room access to applicable data users
  • Cybersecurity – air gapped (no network) computer, specific IT storage requirements
  • Committee approvals

Review and Implementation Timeline

Review and implementation times vary by complexity and requirements. Some examples:

  • OGC requests a minimum of 10 business days for contract/agreement reviews.
  • Human subjects research reviews typically take 2-6 weeks depending on the risk.
  • OIT may need to setup an air-gapped computer or establish a new secure environment with special user permissions.
  • A work order may be needed to rekey an office.

Investigators should submit as soon as possible and work with the offices on a timeline based the unique situation.

Contact Us

Need assistance? Contact:

  • Office of Research Compliance (ORC): orc@boisestate.edu
  • Office of Information Technology (OIT): ciso@boisestate.edu

These offices can answer questions and guide you to the appropriate resources.