Data Use Agreements

Only an authorized signatory of North Carolina State University may approve terms and conditions and sign agreements on behalf of the University and its researchers, whether such agreements signed electronically or otherwise.  Authorized signatories are delegated under REG 01.20.02 and listed here. Faculty members, students, or other individual data users are not authorized to sign Data Use Agreements on behalf of North Carolina State University and should seek assistance from their College Research Office to properly route such agreements to SPARCS for review and signature.

PIs must also retain a copy of the fully executed DUA with their research records as dictated by REG 01.25.12, and in accordance with any other retention requirements indicated by the data provider or funding agency agreement(s).

If you are in receipt of a Data Use Agreement or intend to seek access to a protected dataset, you should work with your College Research Office to route a Data Use Agreement-type Project Information and Navigation System (PINS) record. Once you’ve worked with your College Research Office, you will complete this Data Use Agreement Intake and Request Form, and submit it along with relevant information and other documentation as described below. This will provide SPARCS with the initial information needed to assist with processing your Data Use Agreement.  General questions may be submitted to the appropriate College Research Office.

PINS is an electronic system used to track proposal data and to verify approvals from all faculty and administrators involved in submitting a particular proposal. The use of the PINS system is a required part of the submission process for all proposals submitted by all NC State university faculty.

• Title convention: “Data Use Agreement with [Company Name]”
• Deadline Type: Target
• Complete the ‘Associated RADAR Project ID’ field, if applicable
• Total Amount Requested: $0
• F&A Rate: 52%
• F&A Basis: MTDC
• Justification for Underrecorrery: F&A Fully Recovered
• Provide sponsor point-of-contact information: name and title, email address, and phone number, at minimum.
• Documentation: DUA Agreement, Description of Project (if not included in the agreement), Data Management Plan (if required), and DUA Intake Form.

The agreement and PINS record will be reviewed by SPARCS to determine the next steps needed to agree to the terms and conditions on behalf of NC State University.

These steps may include but are not limited to:

• Negotiations to request changes to language in the agreement
• Data Security Review
• Acceptance of higher risk terms and conditions by department or college leadership

Data Access and Security Plans may be required for regulated data, such as Human Subject information or Export Controlled data, or when the Data provider requires one.  The DUA intake form is intended to help SPARCS identify those circumstances. If the requester has developed a DASP, that can be included in the PINS record, but is not required.

Depending on the specific data and the requirements set forth in the DUA, IRB review and approval or a specific determination may be needed. The IRB outlines requirements for the secondary use of human subjects’ data. Reasons IRB approval for the use of data that is covered under a DUA could include:

• If the data are obtained for research purposes and are considered private and individually identifiable or easily re-identifiable to the research team.
• A data provider may require IRB review/approval or may require an official determination from the IRB that a project is “not human subjects research (NHSR)” before they will share the data.
• Some data providers will require IRB approval as a part of the DUA even if the NC State IRB says no IRB approval is required. In these cases, the NC State IRB will support the researcher and review the project as required by the data provider. 

If IRB review and approval are required, a copy of the DUA must be provided to the NC State IRB for review with the proposed IRB protocol. Any provisions for data access, security, sharing, or disposition of the data as detailed in the DUA must be congruent with the study procedures submitted to the IRB for all associated study protocols. 

The IRB can review and approve a study with a draft DUA to keep administrative processes moving. However, when the DUA is fully executed, the executed DUA (and any resulting updated study procedures) must be submitted to the IRB via an amendment for review and approval before any data are exchanged.

Data Use Agreements may specify only named project personnel as authorized to access data under the terms and conditions of the agreement. However, if the agreement does not require specifically named individuals, only North Carolina State University employees are authorized to access the data.  Additional data security requirements should be taken into consideration, if applicable.

The PI is accountable for all project personnel who will have access to the data.

If you would like to allow an unpaid student (undergraduate and graduate student) access to data received under a Data Use Agreement, please contact SPARCS prior to allowing access.

Generally speaking, students who are not graduate students on a research assistantship conducting University research will need to be independently bound to terms and conditions contained in any Data Use Agreement, including obligations of confidentiality and non-redistribution.

Under U.S. export control laws, a license may be required from the Bureau of Industry and Security of the Department of Commerce for the export of certain data. Anyone who is planning to transfer controlled material by the Department of Commerce or the Department of State outside of the United States should work with the NC State  Export Control Office for assistance in seeking any required license. In addition, transfers of certain proprietary information to foreign entities and collaborators may require further review and consideration.

• REG 01.25.09 Privacy/Confidentiality, Release and Security of Protected Health Information 
• RUL 01.25.02 Student Health Service, Counseling Center and Sports Medicine Joint Rule use and Disclosure of Protected Health Information 
• REG 11.00.01 Family Educational Rights and Privacy (FERPA)
• REG 08.00.03 Data Management Regulation RUL 08.00.18 Endpoint Protection Standard