Data Use Agreements

Data Use Agreements (DUAs) are legally binding contracts between the George Washington University (GW) and another executing party that provide the terms for transferring data from the provider organization to the recipient organization. GW can either be the provider or the recipient of the data.

In general, any sharing of “restricted use” or “regulated” data, will require an agreement between the providing party (owner of the data) and the receiving party (data user). Failure to follow DUA terms could result in significant liabilities including possible criminal sanctions as well as impacting other rights of the parties involved.

The Office of Research Integrity (ORI) within the Office of the Vice President for Research (OVPR) must review and approve all DUAs.


COVID-19 Related Communication

The current circumstances and COVID-19 response may introduce challenges in data sharing, management, and protection pursuant to data use agreements and data management plans. The Office of Research Integrity within the Office of the Vice President for Research, in partnership with the Privacy Office, GW Information Technology (IT), School and College IT, and Libraries and Academic Innovation, provides the following COVID-19 related guidance to the research community in Data Management COVID 19 Guidelines.


The DUA Review Process and ORI’s Role

All DUAs involving GW as an executing party must be reviewed and approved by ORI. To begin the review process, please complete the DUA Intake Form (GW NetID login required) and submit the proposed DUA.

ORI will review the DUA terms and conditions; propose or negotiate terms with the other party; and, if necessary, forward to partner units for consultation (e.g., Office of General Counsel, Office of Contracts and Insurance, DIT Risk and Compliance). ORI will work with the investigator to obtain additional information that may be required (e.g., documentation from the Office of Human Research or export controlled information).

If GW is the providing party, ORI can assist in the drafting of DUAs or provide an approved template agreement (e.g., Federal Demonstration Partnership - Data Transfer and Use Agreement). To begin the review process, please provide the requested information via the DUA Intake Form (GW NetID login required).

Upon request, ORI can provide an orientation to the terms and conditions of DUAs in which GW is a party. This recommended service allows the investigator to understand their and the university’s rights and responsibilities under the agreement.

Once the DUA review is complete, ORI will forward the agreement to the Institutional Official (IO) for signature. The director of the Office of Sponsored Projects within OVPR is the IO delegated with signatory authority to execute DUAs.

Email [email protected] if you have questions about Data Use Agreements or the DUA review process.

Submit the DUA Intake Form (GW NetID login required)

View your DUA Submissions (GW NetID login required)


Data Management Plan (DMP): Keeping Data Secure

During the course of a research project, data are created, collected, analyzed, stored, accessed, used, shared, and ultimately archived. A well designed Data Management Plan (DMP) facilitates responsible handling of data and saves time for research teams over the life of a project. In addition, DUAs generally impose specific security standards and risks on the receiving party hosting the data, which are addressed in a DMP. The DMP will document and address all requirements for keeping the data secure.

Depending on the DUA terms, ORI may require a review and risk assessment documented in a DMP for how incoming data will be securely stored on, or accessed by, GW systems or investigators.


Developing a DMP: Helpful Resources

DMPs can serve many purposes. GW Libraries have excellent data management resources and sponsor free access to DMPTool to help you develop a DMP that meets the requirements of various funding agencies. Contact the Data Services Librarian to schedule a DMP review and discuss your data management needs.


DMPs and DUAs

ORI will review DUA terms and conditions only. It is the responsibility of the investigator to ensure GW can comply with terms related to the administrative, technical, and physical safeguarding of the data. ORI strongly recommends investigators work with their local information technology units or the Division of Information Technology's Office of Risk and Compliance, to develop data management plans that address access, protection, storage, and preservation of the data before submitting DUAs for review. Although DMPs are not required for the execution of DUAs, ORI and the IO will require verification that IT review has been performed.



Protecting data is a shared responsibility between the Division of Information Technology (DIT) and the entire GW community.

  • Information Security Policy (PDF):  All university members have the duty to protect university data from unauthorized generation, access, modification, disclosure, transmission or destruction. Certain data require specialized protections, and some of these protections may be provided through data sharing/transfer agreements generally referred to as Data Use Agreements (DUAs) with other parties.


Quick Links

DUA Intake Form (GW netid login required)

Information Security Policy

Powered by IT