Last updated on January 12, 2021 8 min read Industry Collaboration - Data Use Agreements

We recommend researchers enter into a data use agreement any time data is transferred into or out of BU. Learn more below or find the DUA Request Form here.

What is a Data Use Agreement?

A Data Use Agreement (“DUA”), sometimes referred to as a Data Transfer Agreement (“DTA”) or a Data Sharing Agreement (“DSA”), is a formal, written contractual agreement between two or more parties that establishes specific ways in which data may be used and how it must be protected. These agreements can be set up between academic institutions, government agencies, and/or corporate entities. A DUA is generally required for any data sharing to occur; sharing data without a DUA in place can leave researchers and institutions unwittingly in violation of ethical and regulatory standards.

Often, data subject to a DUA are a necessary component of a research project. A DUA legally binds the parties to appropriate protection and use of the data, and establishes conditions such as who is permitted to use and receive the data set, the limitations on use and further disclosure of the data by the recipient, obligations to safeguard the data, liability for harm arising from misuse of the data, and publication expectations and/or acknowledgments. The mutual understanding established by a DUA can help prevent future issues by clearly setting forth the expectations of both the data provider and data recipient.

Researchers may not sign DUAs on behalf of the University. DUAs are legal documents that have to be signed by an University-authorized signatory in order to bind the University to its terms. Please contact Industry Engagement if you receive a DUA from a third party with a request for a signature from BU. The IE contracting team can help review the DUA and guide you through the process.

Common Obligations of a DUA

Common obligations of a DUA provide that the data recipient will:

  • not use, disclose, or destroy the data set other than as permitted by the DUA, or as required by law;
  • use appropriate administrative, technical, and physical safeguards to prevent unauthorized uses or disclosures of the data set;
  • report to the data provider any uses or disclosures of the data set in violation of the DUA;
  • ensure that anyone to whom it provides the data set agrees to the same requirements that apply to the data recipient for receiving or accessing the data; and
  • not re-identify the information or contact the data subjects (for data related to a human subject).

Types of Data That May Be Shared

When Do I Need a DUA?

Unsure if a DUA is necessary? Download the DUA decision tree.

Who will handle my DUA?

Industry Engagement can help manage the review and signing of the DUA. The process for establishing a DUA vary with respect to the type of data being shared, the agencies or institutions involved, and whether the data is inbound (received by Boston University) or outbound (provided by Boston University).

When sending a request for a DUA to Industry Engagement, please complete the DUA Request Form:

DUA Request Form

What happens after form submission?

The completed DUA Request Form provides Industry Engagement with necessary background information about the research. A project summary, list of data elements, funding sources, expectations for sharing results and publication authorship, and human/animal/stem cell compliance (as applicable) are essential to ensuring the terms of the DUA are appropriate. Industry Engagement may contact you with additional questions based on the information provided and the specific agreement terms. We may also consult with other compliance and legal offices at the University, as necessary, in our review of the DUA to ensure adequate protective measures and approvals are in place. Changes to the agreement may be necessary based on project/data specifications.

CHIA Data & Other Master Agreements

All BU researchers in any school/institute/other division of BU who obtain CHIA data for research must comply with this protocol.

Please note that BU may already have master data use agreements in place with certain entities:


For questions about DUA processing, please contact Industry Engagement at

    Information For...

    Back to Top